FW: changelog #A1

 
 
All, still editing the spec, but the changes for some of the other issues
are likely to be lengthy so will continue in another message
 
Changed date to Dec 16th
 
Issue 98:    Closed
        We decided to remove the policy identifier in favor of
UseKeyWith and so this issue is now redundant
 
Issue 30:    Close    Policy Identifier removed
 
OK next changes are complex since so much touches on UseKeyBinding.
These changes address issues 30, 84, 79 and in part 117
 

Element <UseKeyWith>


The <UseKeyWith> element specifies a subject identifier and application
identifier that determine a use of the key.

In the case of a <KeyBinding> or <UnverifiedKeyBinding> the <UseKeyWith>
element specifies a use of the key. If multiple <UseKeyWith> elements
are present each element specifies a use of the key.

In the case of a <QueryKeyBinding> or <TemplateKeyBinding> the
<UseKeyWith> element specifies an intended use of the key. If multiple
<UseKeyWith> elements are present each element specifies an intended use
of the key. 

Application     [Required]

A URI that specifies the application protocol with which the key may be
used

Identifier     [Required]


Specifies the subject to which the key corresponds within the specified
application protocol.

<UseKeyWith> application identifiers MAY be used to represent key
binding issuance and/or use policies instead of an application protocol.
In this case the <UseKeyWith> element specifies that the key binding
complies with the specified policy.

In the case that a client follows a referral model in which raw key
binding information is obtained from a Locate service then forwarded to
a Validate service, the <UseKeyWith> elements in the query should in both
cases specify the uses for which the application intends to use the key.
Applications SHOULD NOT forward <UseKeyWith> elements returned in a
Locate result in a subsequent Validate query.

The following table lists application URIs for common protocols and the
corresponding format for the identifier information:


Protocol       Application URI                          Identifier                       Type
XKMS           http://www.w3.org/2002/03/xkms#          URL identifying SOAP role        URL
XKMS/profile   http://www.w3.org/2002/03/xkms#profile   URL identifying SOAP role        URL
S/MIME         urn:ietf:rfc:2633                        SMTP email address of subject    RFC822 addr-spec
PGP            urn:ietf:rfc:2440                        SMTP email address of subject    RFC822 addr-spec
SSL/HTTPS      urn:ietf:rfc:2817                        DNS address of http server       DNS Address
SSL/SMTP       urn:ietf:rfc:2487                        DNS address of mail server       DNS Address
IPSEC          urn:ietf:rfc:2401                        IP address of network resource   IP Address
PKIX           urn:ietf:rfc:2459                        Certificate Subject Name         X.509 Distinguished Name

The XKMS application URI is used to specify a key binding that is used
to secure an XKMS service. An XKMS service SHOULD support discovery of
the supported security profiles and corresponding key bindings by means
of a Locate operation that specifies the XKMS application URI and the
URL of the service role.

The following table describes the formatting for the specified types of
identifier:


Identifier Type            Example                               Description
RFC822 addr-spec           bob@cryptographer.test                The addr-spec fragment of an RFC 822 email address as used by SMTP
URL                        https://secret.commerce.test/         A Uniform Resource Locator
DNS Address                secret.commerce.test                  An Internet DNS address
IP Address                 10.23.0.20                            An IPv4 address in decimal notation
                           1080::8:800:200C:417A                 An IPv6 address in RFC 2373 notation
X.509 Distinguished Name   C="UK" O="CryptoGuys Ltd." CN="Bob"   An X.509 Distinguished Name

The following schema defines the <UseKeyWith> element:

 
Issue 96    Removed the sentence Joseph comments on as obsolete.
Issue 108 Done
Issue 119 Done 
Issue 121  Done
Issue 123 Done as per Ed's message 
Issue 124 Done
 
 
58 is done except for the organizations for the following:
Eric Brunner-Williams
Jean Pawluk, 
Pradeep Lamsal 
 
 
Outstanding (major)
 
122, 120, 118, 117, 116, 115, 114, 103, 74, 71, 57, 25, 47
 
Outstanding (last minute)
 
17, 18,  [final audit]
37, 39, 
55 [is a duplicate of 25]
58
63
99
102 [ none at present but they do seem to keep popping back]
 
I think are closed - 
36 - we use SOAP throughout except where we mention the XML Protocol
working group
 

Received on Tuesday, 17 December 2002 12:28:04 UTC