RE: changelog #A1

Hi Phill,
 
For issues that include a reference to a "policy identifier", I've treated
as if we were dealing with "UseKeyWith".  Thus, I'll keep issue 30 open
until the UseKeyWith proposal is accepted.  Also, for Issue 98, I assumed
that the example would just be redone with UseKeyWith used to specify the
registration policy. I'll leave this unless you feel that you don't want to
include this feature as part of the example anymore.
 
Also, below you indicate "55 [is a duplicate of 25]".  I don't see the
overlap here.
 
Cheers,
Mike
 
 
-----Original Message-----
From: Hallam-Baker, Phillip [mailto:pbaker@verisign.com]
Sent: December 17, 2002 12:28 PM
To: Www-Xkms (E-mail)
Subject: FW: changelog #A1
 
 
 
All,still editing the spec, but the changes for some of the other issues are
likely to be lengthy so will continue in another message
 
Changed date to Dec 16th
 
Issue 98:    Closed
        We decided to remove the policy identifier in favor of UseKeyWith
and so this issue is now redundant
 
Issue 30:    Close    Policy Identifier removed
 
OK next changes are complex since so much touches on UseKeyBinding. These
changes address issues 30, 84, 79 and in part 117
 

Element <UseKeyWith>

The  <UseKeyWith> element specifies a subject identifier and application
identifier that determine a use of the key.
In the case of a <KeyBinding> or <UnverifiedKeyBinding> the <UseKeyWith>
element specifies a use of the key. If multiple <UseKeyWith> elements are
present each element specifies a use of the key.
In the case of a <QueryKeyBinding> or <TemplateKeyBinding> the <UseKeyWith>
element specifies an intended use of the key. If multiple <UseKeyWith>
elements are present each element specifies an intended use of the key. 
Application     [Required]
A URI that specifies the application protocol with which the key may be used
Identifier     [Required]
Specifies the subject to which the key corresponds within the specified
application protocol.
<UseKeyWith> application identifiers MAY be used to represent key binding
issuance and/or use policies instead of an application protocol. In this
case the <UseKeyWith> element specifies that the key binding complies with
the specified policy.
In the case that a client follows a referral model in which raw key binding
information is obtained from a Locate service then forwarded to a validate
service the <UseKeyWith> elements in the query should in both cases specify
the uses for which the application intends to use the key. Applications
SHOULD NOT forward <UseKeyWith> elements returned in a Locate result in a
subsequent Validate query.
The following table lists application URIs for common protocols and the
corresponding format for the identifier information:

Protocol
Application URI
Identifier
Type

XKMS
http://www.w3.org/2002/03/xkms#
URL identifying SOAP role
URL

XKMS/profile
http://www.w3.org/2002/03/xkms#profile
URL identifying SOAP role
URL

S/MIME
urn:ietf:rfc:2633
SMTP email address of subject
RFC822 addr-spec

PGP
urn:ietf:rfc:2440
SMTP email address of subject
RFC822 addr-spec

SSL/HTTPS
urn:ietf:rfc:2817
DNS address of http server
DNS Address

SSL/SMTP
urn:ietf:rfc:2487
DNS address of mail server
DNS Address

IPSEC
urn:ietf:rfc:2401
IP address of network resource
IP Address

PKIX
urn:ietf:rfc:2459
Certificate Subject Name
X.509 Distinguished Name
The XKMS application URI is used to specify a key binding that is used to
secure an XKMS service. An XKMS service SHOULD support discovery of the
supported security profiles and corresponding key bindings by means of a
Locate operation that specifies the XKMS application URI and the URL of the
service role.
The following table describes the formatting for the specified types of
identifier:

Identifier Type
Example
Description

RFC822 addr-spec
bob@cryptographer.test
The addr-spec fragment of an RFC 822 email address as used by SMTP

URL
https://secret.commerce.test/
A Uniform Resource Locator

DNS Address
secret.commerce.test
An Internet DNS address

IP Address
10.23.0.20
An IPv4 address in decimal notation

1080::8:800:200C:417A
An IPv6 address in  <outbind://1/#RFC-2373> RFC 2373 notation

X.509 Distinguished Name
C="UK" O="CryptoGuys Ltd." CN="Bob"
An X.509 Distinguished Name
The following schema defines the <UseKeyWith> element:
 
Issue 96    Removed the sentence Joseph comments on as obsolete.
Issue 108 Done
Issue 119 Done 
Issue 121  Done
Issue 123 Done as per Ed's message 
Issue 124 Done
 
 
58 is done except for the organizations for the following:
Eric Brunner-Williams
Jean Pawluk, 
Pradeep Lamsal 
 
 
Outstanding (major)
 
122, 120, 118, 117, 116, 115, 114, 103, 74, 71, 57, 25, 47
 
Outstanding (last minute)
 
17, 18,  [final audit]
37, 39, 
55 [is a duplicate of 25]
58
63
99
102 [ none at present but they do seem to keep popping back]
 
I think are closed - 
36 - we use SOAP throughout except where we mention the XML Protocol working
group
 

Received on Thursday, 19 December 2002 10:31:40 UTC