I am ok with this addition. I would also suggest that we add a "Requirement" to the requirements doc http://www.w3.org/2008/xmlsec/Drafts/xmlsec-reqs/Overview.html - say, 3.3.2.4 (as this could be classified as Interop requirement)
------------xxx---------
3.3.2.4 Add X509AKI element to support X.509v3 Authority Key Identifier Extension
To Support base64 encoded plain (i.e. non-DER-encoded) value of a X509 V.3
Authority Key Identifier extension, add an element dsig11:X509AKI to dsig:X509Data Element list.
Schema:
<element name="X509AKI" type="base64Binary"/>
------------xxx---------
/Shivaram
--
Strong Authentication, SOA, Web Services, PKI, Software Architecture, Product Strategy and Management Consultants:
http://www.TrustStix.com/
________________________________
From: Frederick Hirsch <frederick.hirsch@nokia.com>
To: XMLSec WG Public List <public-xmlsec@w3.org>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>
Sent: Thu, January 14, 2010 11:54:47 AM
Subject: proposed XML Signature 1.1 addition
[not as chair]
Would it be possible to add a new element to XML Signature 1.1, namely X509AKI - I view this as along the same lines as the added OCSP element.
Proposal:
Add dsig11:X509AKI to list in #1 in section 4.5.4 The X509Data Element
The X509AKI element which contains the base64 encoded plain (i.e. non-DER-encoded) value of a X509 V.3 Authority Key Identifier extension.
with schema
<element name="X509AKI" type="base64Binary"/>
---
I've gotten feedback that this would be helpful and would like propose we add it before Last Call.
Thanks
regards, Frederick
Frederick Hirsch
Nokia