- From: Blair Dillaway <blaird@microsoft.com>
- Date: Wed, 21 Nov 2001 11:14:26 -0800
- To: <stephen.farrell@baltimore.ie>, "Krishna Sankar" <ksankar@cisco.com>
- Cc: <www-xkms-ws@w3c.org>
I suspect the timing will not be right. There is currently no XML-P WG chartered to address the issue of securing SOAP/XML-P messages. Even if there were a near-term action to charter such a group, their specs would inevitably lag the XKMS effort. Based on my understanding of the W3C policy on spec dependencies, I don't believe we could have an explicit dependency on such a specification.

I would hope however, we could build on the basic syntax/structure in our recently published ws-security spec assuming it will bear some resemblance to an eventual XML-P security spec.

In any event, the XKMS group will need to define a detailed 'message security profile' explaining exactly what's signed, encrypted, and authenticated for XKMS messages and what types of trust infrastructure must be supported. This is the only way we'll ever be able to achieve interoperability.

Blair

-----Original Message-----
From: Stephen Farrell [mailto:stephen.farrell@baltimore.ie]
Sent: Wednesday, November 21, 2001 10:53 AM
To: Krishna Sankar
Cc: www-xkms-ws@w3c.org
Subject: Re: XKMS 2.0 base working draft

Krishna,

(I was talking about the timing of the specs.)

I guess I would tend towards the more self-contained approach - something like specifying use of xmldsig and xmlenc "directly" for xkms where we need message level protection (and perhaps tls/ssl where we don't).

> As another point, my hope is that by the time we are ready
> with our final version, SOAP security would be far enough for us to
> use it.

I seem to recall Blair making a comment that made me think the opposite on the conference call last week (Blair?).

Stephen.

--
____________________________________________________________
Stephen Farrell
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,       fax: +353 1 881 7000
Dublin 8.                 mailto:stephen.farrell@baltimore.ie
Ireland                   http://www.baltimore.com
Received on Wednesday, 21 November 2001 14:15:25 UTC