> What is #3 Add "UseKeyWith" element?
Agreed at the F2F, it is an element that allows you to say 'use this key to
send S/MIME email to alice@blab.co.uk
<UseKeyWith Protocol="urn:ietf:rfc:rfc2666">
<Subject xsi:type="anyURI">mailto:alice@blab.co.uk</Subject>
</UseKeyWith>
> As for #4, add Service URI element: Do you mean to all requests? If
> so, yes. Should be in reply, too? I dunno.
This is agains something that might profitably be pushed into the SOAP
layer, although perhaps not since it would complicate the signature and we
might well want to say that the service URI is the logical URI of the
service, the responder can decide to accept messages originally sent
elsewhere if it chooses.
> > [I-PayloadAuth]
> Put another way: enveloped or detached signatures, right?
It is a bit more than that since we could have a detached sig in our request
message or define a SOAP header.
I much prefer using a SOAP header, it is a much more reusable mechanism. But
we may end up implementing ws-security that route.
> > [I-FaultHandling]
> > We need to address this, how is XP getting on here?
> What do you want to know? (I'm on the xmlp wg :)
Are they getting anywhere? Is their current spec firm enough for us to build
on? What timescale could we realistically expect them to deliver a spec in
(as opposed to their alleged milestones)?