- From: Joseph Reagle <reagle@w3.org>
- Date: Wed, 6 Mar 2002 19:32:41 -0500
- To: Rich Salz <rsalz@zolera.com>
- Cc: stephen.farrell@baltimore.ie, www-xkms@w3.org
On Wednesday 06 March 2002 18:49, Rich Salz wrote:
> > Learning what the concepts of Retrieve, Locate, and Validate is not
> > difficult. However, they are rather arbitrary tokens (e.g., collision
> > on validate) and what one is actually doing is sending a request and
> > asking for some information. Let the query state what is being asked
> > for: the key value, KeyInfo, KeyInfo and trust information.
>
> I can understand the surface appeal, but I believe the semantics are so
> different, and so well-understood by the security community, that this
> would be a bad idea.

Yikes! I rarely find consistent usage of terms such as validate and verify, to speak nothing of "well-understood" and agreed upon. <grin/>

Regardless, please note that my request that the query and respond both be prototype-based structures, using NS-qualified and XML-typed structures -- which the query already is -- is distinct from whether we replace the <Validate> and <Locate> tags with a single <Request> tag. I'm arguing that getting rid of it would be a natural result of cleaning up the <Respond>.

But since you mention semantics, let's examine that. What are the special semantics associated with the tokens "ds:RetrievalMethod", "Locate", and "Validate"?

"ds:RetrievalMethod" -- asks for a binary key structure.
"Locate" -- asks for an XML key structure.
"Validate" -- asks for an XML key structure and KeyBinding statements.

These are all requests for particular bits of data. If the data requested is explicitly asked for, I'm not aware of any additional processing or behavior required by the client or server because it's wrapped in a Validate tag. The only argument I *can* see is that maybe someone would want to ask three different sorts of questions:

1. JoeBlow returns a KeyValue and a ValidityInterval that have nothing to do with each other. (Don't know of what use this would be.)
2. JoeBlow returns a KeyValue and a ValidityInterval and is saying these are both statements about a single key: they are "bound." (This is always the presumption of XKMS, I think, so I don't see the need to be singled out.)
3. JoeBlow returns a KeyValue and a ValidityInterval that Sally says are bound; Joe is just "quoting" that and forwarding it on. (I don't think XKMS accommodates this and I don't believe it needs to.)

So, if I'm going to ask you for a key and some KeyBinding information, what essential semantic is served by the addition of the <Validate> syntax that affects the client or server behavior, or the import of the message?

--
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
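The following is an added example, not code from the thread, the XKMS working group or any XKMS implementation. It models the point argued above: a responder that reads the requested items from an explicit <Respond> list treats a <Validate> request as nothing more than a request for KeyValue plus KeyBinding, so the two request forms produce identical responses. The namespace `urn:example:xkms-discussion`, the element layout, the `RESPOND_ITEMS` set and the directory contents are all constructed for the example; only the XML-Signature namespace is real. It also adds the two checks a deployment needs regardless of which syntax wins: the responder rejects Respond items it does not know rather than silently ignoring them, and the client refuses to treat a key as validated when it asked for a KeyBinding and none came back.

```python
"""Constructed model of the Request/Respond design discussed on www-xkms."""
import xml.etree.ElementTree as ET

XK_NS = "urn:example:xkms-discussion"          # constructed placeholder, not the XKMS namespace
DS_NS = "http://www.w3.org/2000/09/xmldsig#"    # real XML-Signature namespace
ET.register_namespace("xk", XK_NS)
ET.register_namespace("ds", DS_NS)


def q(ns, local):
    """Clark-notation qualified name for ElementTree."""
    return "{%s}%s" % (ns, local)


# Items a <Respond> list may ask for (constructed set), and what each legacy
# request tag implied: Locate asked for the XML key structure, Validate for the
# key structure plus KeyBinding statements.
RESPOND_ITEMS = {"KeyName", "KeyValue", "KeyBinding"}
LEGACY_TAGS = {"Locate": {"KeyValue"}, "Validate": {"KeyValue", "KeyBinding"}}

# Constructed sample directory: key name -> data the responder can attest to.
DIRECTORY = {
    "alice@example.org": {
        "KeyName": "alice@example.org",
        "KeyValue": "BASE64-KEYVALUE-PLACEHOLDER",
        "KeyBinding": {"NotBefore": "2002-01-01T00:00:00Z",
                       "NotAfter": "2003-01-01T00:00:00Z"},
    },
}


def build_request(key_name, respond=(), tag="Request"):
    """Serialise a request; tag is "Request", "Locate" or "Validate"."""
    root = ET.Element(q(XK_NS, tag))
    query = ET.SubElement(root, q(XK_NS, "Query"))
    ET.SubElement(query, q(DS_NS, "KeyName")).text = key_name
    resp = ET.SubElement(root, q(XK_NS, "Respond"))
    for item in respond:
        ET.SubElement(resp, q(XK_NS, "string")).text = item
    return ET.tostring(root, encoding="unicode")


def requested_items(root):
    """Explicit <Respond> items plus whatever the legacy tag name implied.

    Unknown request elements and unknown Respond items are rejected rather
    than ignored, so a client cannot be handed less than it asked for."""
    tag = root.tag.split("}")[-1]
    if tag != "Request" and tag not in LEGACY_TAGS:
        raise ValueError("unknown request element %r" % tag)
    path = q(XK_NS, "Respond") + "/" + q(XK_NS, "string")
    items = {(s.text or "").strip() for s in root.iterfind(path)}
    items |= LEGACY_TAGS.get(tag, set())
    unknown = items - RESPOND_ITEMS
    if unknown:
        raise ValueError("unsupported Respond items: %s" % sorted(unknown))
    return items


def handle_request(xml_text, directory=DIRECTORY):
    """Responder: return only the requested items it can attest to."""
    root = ET.fromstring(xml_text)
    items = requested_items(root)
    key_name = root.findtext(q(XK_NS, "Query") + "/" + q(DS_NS, "KeyName"))
    record = directory.get(key_name or "")
    if record is None:
        return {}
    return {item: record[item] for item in sorted(items) if item in record}


def client_accepts(requested, response):
    """Client check: every requested item must be present before the key is
    used; a KeyValue returned without the requested KeyBinding is an
    unvalidated key, not a validated one."""
    return set(requested) <= set(response)


if __name__ == "__main__":
    validate = handle_request(build_request("alice@example.org", tag="Validate"))
    explicit = handle_request(build_request("alice@example.org",
                                            respond=["KeyValue", "KeyBinding"]))
    print("Validate == Request{KeyValue,KeyBinding}:", validate == explicit)
```

Running the block shows the Validate request and the explicit Request returning the same dictionary, which is the sense in which the outer tag carries no semantics the <Respond> list does not already express. A Locate response, on the other hand, fails `client_accepts` when the client had asked for a KeyBinding, which is the check that matters at the relying party.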
Received on Wednesday, 6 March 2002 19:32:44 UTC