W3C home > Mailing lists > Public > www-xkms@w3.org > March 2002

<Reason> element

From: Yassir Elley <yassir.elley@sun.com>
Date: Mon, 11 Mar 2002 17:28:21 -0500
Message-ID: <3C8D2F85.E9272B1A@sun.com>
To: www-xkms@w3.org
1) As the spec indicates, the Reason element needs to be incorporated into
the schema. Currently, this should probably be added to KeyBindingType
(although it should really be in ValidateResponse).

2) There is also currently no schema definition for this element.

3) I would recommend re-naming the "Status" aspect to be "RevocationStatus"
so that it is not confused with other stuff like the AssertionStatus or Status elements.

4) In the Description of the first three aspects, the word "assertion" is used in
a confusing manner.

5) It is also unclear why this is in the section on Common Data Elements, since
this is presumably only relevant for Validate (and not Locate).

6) I am confused by the "Signature" aspect defined for the Reason element.
"Signature on signed data provided by the client in the <ds:KeyInfo> element
(e.g. X509Data element) was successfully verified."
X.509 Equivalent:
"Certificate Signature verified"

What does this mean?
Is the client including arbitrarily signed data (e.g. a signed XML document)
in the request that he wants the service to verify?

I do not think X-KISS includes the functionality of allowing the client to
send over a signed XML document and having the trust service verify the
signature on the document and return a "Valid" Assertion status along with
a "Signature" Reason. Am I missing something here?

Received on Monday, 11 March 2002 17:32:03 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:31:38 UTC