XKPMS Comments from Joseph M. Reagle Jr. on 2000-12-21 (www-archive@w3.org from December 2000)

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Thu, 21 Dec 2000 18:00:30 -0500
To: Philip Hallam-Baker <pbaker@verisign.com>
Cc: "Public Archival Service" <www-archive@w3.org>
Message-Id: <4.3.2.7.2.20001221173258.01f82f30@rpcp.mit.edu>

http://www.verisign.com/rsc/wp/xml/xkms_spec/xkms_spec_wp.pdf

Some of these comments might be the result of my own careless reading, but 
this is what I scribbled in the margin for what it's worth:

>Tier 1 Processing of the <ds: KeyInfo> element by the application is 
>delegated to a service.

This is later called the Locate service, might as well include definition 
here.

>Tier 2 Validation Service As in tier 1, but in addition, the service 
>reports further information

"Validation" might be confused with "Signature Validation" in that a reader 
might think the service actually validates the signature. (Maybe "Binding 
Service"?) Either case, it'd probably be good to call it Binding Validation 
and distinguish between the formal definition of Signature Validation.

>Tier 3 Assertion Service Establishment and management of long term trust 
>relationships.

Is this a generalizable assertion service?

>of the URI and Type attributes is mandatory

Type is now optional (prose and schema disagreed (in your spec too), but now 
harmonized:
http://www.w3.org/TR/2000/CR-xmldsig-core-20001031/#sec-RetrievalMethod

><ds: KeyInfo>
>   <RetrievalMethod .../>
></ ds: KeyInfo>

You should qualify the RetreivalMethod with ds: too .

><Locate> <Query>

I wonder if the query/response could be generalized using XPath (perhaps 
less appropriate) or XML Query (they have a data model and algebra, haven't 
designated an XML syntax yet though).

><Validate> and <ValidateResult>

Is there a data model behind the request, the input, and output? Should the 
Query have an ID to match one then provided in the ValidateResult?

>Authenticating the response messages using the XML Signature Specification.

Where in the content model do these Signatures go, and which elements must 
be signed?

>Authentication
>An XML document node that provides information that authenticates the 
>request.

Probably better to call this an XML element type (instead of document node).




__
Joseph Reagle Jr.
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/

Received on Thursday, 21 December 2000 18:00:45 UTC