Re: proposed XML Signature 1.1 addition

I am ok with this addition.  I would also suggest that we add a "Requirement" to the requirements doc http://www.w3.org/2008/xmlsec/Drafts/xmlsec-reqs/Overview.html - say, 3.3.2.4 (as this could be classified as Interop requirement)

 
------------xxx---------
3.3.2.4 Add X509AKI element to support X.509v3 Authority Key Identifier Extension

To Support base64 encoded plain (i.e. non-DER-encoded) value of a X509 V.3 
Authority Key Identifier extension, add an element dsig11:X509AKI  to dsig:X509Data Element list.

Schema:
<element name="X509AKI" type="base64Binary"/>
------------xxx---------

/Shivaram

--
Strong Authentication, SOA, Web Services, PKI, Software Architecture, Product Strategy and Management Consultants:
http://www.TrustStix.com/ 




________________________________
From: Frederick Hirsch <frederick.hirsch@nokia.com>
To: XMLSec WG Public List <public-xmlsec@w3.org>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>
Sent: Thu, January 14, 2010 11:54:47 AM
Subject: proposed XML Signature 1.1 addition

[not as chair]

Would it be possible to add a new element to XML Signature 1.1, namely X509AKI - I view this as along the same lines as the added OCSP element.

Proposal:

Add  dsig11:X509AKI  to list in #1 in section 4.5.4 The X509Data Element

The X509AKI  element which contains the base64 encoded plain (i.e. non-DER-encoded) value of a X509 V.3 Authority Key Identifier extension.

with schema
<element name="X509AKI" type="base64Binary"/>
---

I've gotten feedback that this would be helpful and would like propose we add it before Last Call.

Thanks

regards, Frederick

Frederick Hirsch
Nokia

Received on Thursday, 14 January 2010 20:18:54 UTC