
Authenticating messages RE: Hierarchy etc.

From: Hallam-Baker, Phillip <pbaker@verisign.com>
Date: Wed, 6 Mar 2002 14:31:04 -0800
Message-ID: <2F3EC696EAEED311BB2D009027C3F4F4058699D0@vhqpostal.verisign.com>
To: "'www-xkms@w3.org'" <www-xkms@w3.org>

On the hierarchy front, it really is useful to use the extension mechanism,
which actually I discovered I had already used in the spec. This is
particularly important when we get to supporting X-Bulk.

I think it is very important to allow implementations to design the message
reception and authentication handlers in a modular way and avoid unnecessary
code duplication.

There is however a problem with adding signatures into messages by default.
There are only two mechanisms that XML appears to support cleanly:

1) Put a detached signature in the SOAP header

2) Use an enveloped signature in the body of the message:

<complexType name="MessageAbstractType" abstract="true">
	<sequence>
		<element ref="ds:Signature" minOccurs="0"/>
	</sequence>
</complexType>

<complexType name="RequestAbstractType" abstract="true">
	<complexContent>
		<extension base="xkms:MessageAbstractType">
			<sequence>
				<element ref="xkms:RespondWith" minOccurs="0" maxOccurs="unbounded"/>
			</sequence>
			<attribute name="MajorVersion" type="positiveInteger" use="required"/>
			<attribute name="MinorVersion" type="integer" use="required"/>
			<attribute name="ResponseLimit" type="integer" use="optional"/>
			<attribute name="Service" type="anyURI" use="required"/>
		</extension>
	</complexContent>
</complexType>

<complexType name="ResultAbstractType" abstract="true">
	<complexContent>
		<extension base="xkms:MessageAbstractType">
			<sequence>
				<element ref="xkms:Result"/>
			</sequence>
			<attribute name="MajorVersion" type="positiveInteger" use="required"/>
			<attribute name="MinorVersion" type="integer" use="required"/>
		</extension>
	</complexContent>
</complexType>

The problem is that WSDL needs to key off the top level element as
specifying whether an element is a Request or Response method. So burying
the request type one layer down is an own goal.

I prefer to go for (1), although I can live with (2).

		Phill



Received on Wednesday, 6 March 2002 17:30:16 UTC
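
Added example, not part of the original message: a structural sketch in Python of a reception handler that finds the ds:Signature in either of the two placements listed above and checks that one of its references covers the Body element a WSDL dispatcher keys off. The namespace urn:example:xkms, the LocateRequest element, the Id attribute and the sample messages are constructed assumptions; no cryptographic verification is performed.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
DS = "http://www.w3.org/2000/09/xmldsig#"
XKMS = "urn:example:xkms"  # placeholder namespace (assumption, not from the spec)

def classify(envelope_xml):
    """Return (dispatch element, signature placement, reference covers it?)."""
    env = ET.fromstring(envelope_xml)
    body = env.find(f"{{{SOAP}}}Body")
    if body is None or len(body) != 1:
        raise ValueError("expected exactly one element in the SOAP Body")
    top = body[0]  # the top-level element the dispatcher keys off
    header = env.find(f"{{{SOAP}}}Header")
    detached = [] if header is None else header.findall(f"{{{DS}}}Signature")
    enveloped = top.findall(f"{{{DS}}}Signature")  # direct children only
    if len(detached) + len(enveloped) > 1:
        raise ValueError("ambiguous: more than one signature present")
    name = top.tag.rsplit("}", 1)[-1]
    if not detached and not enveloped:
        return name, "unsigned", False
    sig = (detached or enveloped)[0]
    uris = [r.get("URI") for r in sig.iter(f"{{{DS}}}Reference")]
    by_id = top.get("Id") is not None and "#" + top.get("Id") in uris
    if detached:
        # A header signature must point at the dispatched element by Id.
        return name, "detached-in-header", by_id
    # An enveloped signature may also use URI="" (the enclosing document).
    return name, "enveloped-in-body", by_id or "" in uris

def sig(uri):
    # Constructed, unsigned skeleton: only the Reference URI matters here.
    return (f'<ds:Signature><ds:SignedInfo><ds:Reference URI="{uri}"/>'
            f'</ds:SignedInfo></ds:Signature>')

def sample(header="", inner=""):
    # Constructed message; attribute names follow RequestAbstractType above.
    return (f'<s:Envelope xmlns:s="{SOAP}" xmlns:ds="{DS}" xmlns:x="{XKMS}">'
            f'<s:Header>{header}</s:Header><s:Body>'
            f'<x:LocateRequest Id="req1" MajorVersion="2" MinorVersion="0" '
            f'Service="http://xkms.example/">{inner}</x:LocateRequest>'
            f'</s:Body></s:Envelope>')

DETACHED = sample(header=sig("#req1"))   # mechanism (1)
ENVELOPED = sample(inner=sig(""))        # mechanism (2)
MISMATCH = sample(header=sig("#other"))  # signature covers something else

if __name__ == "__main__":
    for msg in (DETACHED, ENVELOPED, MISMATCH):
        print(classify(msg))
```

In both placements the Body's top-level element stays the request itself, so one handler can authenticate the message before dispatching on that element.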
