RE: XKMS 2.0 base working draft from Krishna Sankar on 2001-11-21 (www-xkms-ws@w3.org from November 2001)

From: Krishna Sankar <ksankar@cisco.com>
Date: Wed, 21 Nov 2001 10:20:19 -0800
To: <stephen.farrell@baltimore.ie>
Cc: <www-xkms-ws@w3c.org>
Message-ID: <NABBJDOPDKGCDCNBNEDOEEPLGBAA.ksankar@cisco.com>

Hi,

	Yep. Good question. I assume you are talking about the timing of the specs
not the timing problem as in TrustedTiming service, replay attack et al.

	In case of the former, it is a thin line. We could do what we did in SAML -
is use XML Signature and XML Encryption and  have a section with our "spin"
on it - say how we plan to use them. But if we are planning to use SOAP it
is better to be aligned with SOAP security, then any generic SOAP engine can
provide the transport for XKMS.

	In case of latter, TrustedTiming, replay attack et al, I like the way ETSI
have added stuff to the XML Signature. We could adopt their ideas plus
anything more we need. The only caveat I see is that, then, any generic XML
Signature engine will not be sufficient for XKMS.

	As another point, my hope is that by the time we are ready with our final
version, SOAP security would be far enough for us to use it. We also need to
consider the .NET and the Java worlds.

	What do you think ? Should we try to have the goal of using the basic
engines (SOAP, XML Signature et al) or should we ask for a few more
capabilities than the basic specs can provide, to support XKMS. I like the
latter, gives us the freedom to ask for features we need to make XKMS
comprehensive.

cheers

 | -----Original Message-----
 | From: Stephen Farrell [mailto:stephen.farrell@baltimore.ie]
 | Sent: Wednesday, November 21, 2001 10:04 AM
 | To: Krishna Sankar
 | Cc: www-xkms-ws@w3c.org
 | Subject: Re: XKMS 2.0 base working draft
 |
 |
 |
 | Wouldn't ws-security create a referencing/timing problem for us?
 |
 | Stephen.
 |
 | Krishna Sankar wrote:
 | >
 | > phb,
 | >
 | >  |
 | >  | 5) How do we address message signing? Profile ws-security? Inline
 | >  | signatures?
 | >  |
 | >
 | >         ws-security is still emerging and general. I think we
 | would need to have a
 | > section customizing some parts of it similar to the one we
 | wrote for SAML.
 | > Hopefully this section would become more and more thinner as the
 | > ws-security/SOAP security evolves. On a related note ETSI has a good
 | > document adding stuff to XML Signature like key information,
 | time stamping
 | > authority et al which we might want to look at.
 | >
 | >         Another quick question : What do we do for encryption
 | ? Again WS-Security ?
 | >
 | > cheers and have a happy thanksgiving
 |
 | --
 | ____________________________________________________________
 | Stephen Farrell
 | Baltimore Technologies,   tel: (direct line) +353 1 881 6716
 | 39 Parkgate Street,                     fax: +353 1 881 7000
 | Dublin 8.                mailto:stephen.farrell@baltimore.ie
 | Ireland                             http://www.baltimore.com
 |

Received on Wednesday, 21 November 2001 13:22:13 UTC