Requirements comments

Here are my comments...


2.1.12.   "Support for legacy formats such as PKCS#10 and PKCS#7 should be
defined."

     add "but their support MUST be optional".


2.2.3     "Individual elements of XML Key Management protocol messages will
not be encrypted."

     The current implementation encrypts the Private element (containing the
Private key).
     Is this really a requirement or more a wish (i.e. "should not" in
place of "will not")?


2.3.5.    I assume that this is about registering multiple keys (multiple
usage) for a single user? As written this could be confused with bulk
registration (2.3.7).


2.4. Should we split this section between the
     - out of scope for XKMS
     - out of scope for the initial specification of XKMS?
     Or does everyone agree about which items will never get into XKMS?
(I doubt)


2.4.7.    "Authorization and Authorization Assertions"

     Must be "Authentication and Authorization Assertions" ?


2.4.14.   Private key retrieval is out of scope here but a requirement in
3.1.1


2.4.16    "XML Key Management of symmetric keys."

     The introduction says that "it is a goal of XML key management to
support the key management requirements of XML Encryption". AFAIK XMLEnc
deals with both symmetric and asymmetric keys.
     If this is out of scope for XKMS then the introduction should be
modified to specify "public key management", else (if this is out of scope
for the initial specification of XKMS) we should make the requirements (and
other documents) neutral about the keys.


3.1.1.    Private key retrieval is a requirement but out of scope 2.4.14.


3.4.1.    "Exclusive Canonicalization support is required to..."

     What's the status of the document? The reference points to an undated
(October 2001) draft? Is there a conflict between the EC and XKMS schedule?


--------------------------------------------------------------
Sébastien Pouliot
Architecte Sécurité / Security Architect
Motus Technologies
tel: 418 521 2100 ext 307
courriel / email: spouliot@motus.com

Received on Thursday, 17 January 2002 08:46:30 UTC