- From: Joseph Reagle <reagle@w3.org>
- Date: Thu, 19 Dec 2002 13:58:50 -0500
- To: "Hallam-Baker, Phillip" <pbaker@verisign.com>, "Www-Xkms (E-mail)" <www-xkms@w3.org>

On Tuesday 02 April 2002 17:58, Hallam-Baker, Phillip wrote:
> Please find attached a ZIP of the revised spec together with a new
> schema.

In the 16-December draft re: 4.1.3 Element <UseKeyWith>

>[150] <UseKeyWith> application identifiers MAY be used to
>represent key binding issuance and/or use policies instead
>of an application protocol. In this case the <UseKeyWith>
>element specifies that the key binding complies with the specified policy.

So this appears to be new text. Let me step back a second though. I requested a means by which an XKMS service would provide policy context to a response it gives, in particular "obtain an assertion specifying the status of the binding between the public key and other data". I believe it is important to hang the status of the binding off of some policy context such as, "this binding is valid for PKIX semantics/processing and our local trust policy foo." Some URI could be provided to indicate this.

I don't think this is addressed by the new text; and it appears to be designating a security policy the requestor/client should use with the returned information?

"The <UseKeyWith> element specifies a subject identifier and application identifier that determine a use of the key."

I didn't understand the discussion as to why it was moved to UseKeyWith (instead of a PolicyURI), but maybe this is why, because there are two requirements before us? (One to provide context to the service, another to provide guidance to the client?)

Received on Thursday, 19 December 2002 13:58:54 UTC