- From: Rich Salz <rsalz@zolera.com>
- Date: Tue, 13 Nov 2001 11:15:14 -0500
- To: stephen.farrell@baltimore.ie
- CC: www-xkms-ws@w3c.org, hirsch@zolera.com, mike.just@entrust.com
Stephen Farrell wrote: > 5. Relationship to SOAP/XML protocol security. My belief is that xkms > will be easier to finish, implement and more efficient if we define, > in the xkms specification(s), how xkms transactions are secured, rather > than assume that generic XML protocol security mechanisms are used > to secure xkms. If we have concensus on this then I think we should > call this out specifically, so that the other folks don't get the > wrong impression. I pretty much agree with what you wrote, but I wanted to particularly mention this. I'm viewing "XML Protocol Security" as being transport-like, and not part of the application. I don't know if that's the intent, or not. Regardless, the "soap security" note, is still just a W3C Note, and the XMLProtocol group (in which I'm active) isn't doing anything about security yet. So, I think XKMS messages should have their own optional ds:Signature element defined in all messages. /r$ -- Zolera Systems, Your Key to Online Integrity Securing Web services: XML, SOAP, Dig-sig, Encryption http://www.zolera.com
Received on Tuesday, 13 November 2001 11:16:10 UTC