- From: Tommy Lindberg <tommy.lindberg@gmail.com>
- Date: Mon, 6 Dec 2004 14:22:00 +0000
- To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Cc: Guillermo ? Rey <alvarorg@cs.tcd.ie>, XKMS WG <www-xkms@w3.org>
> Not sure if the KeyName would be best there, I second that. It seems to me that the KeyInfo in the PrototypeKeyBinding is intended to communicate information to be bound to the key pair being registered. > So, I'd say we're ok not to change the schema for this one - > there's enough flexibility for what is probably a corner case. I am of the same opinion. > Tommy's b64 idea I can't take credit for the b64 part - this is a schema requirement :). My example is deliberatly simplified to illustrate a point - I imagine you can throw anything in there; some DER, a bit of XML etc. I think the prose could be clearer: - while the schema allows for NotBoundAuthentication be used in any XKRSS message section 7.1.3 paragraph says that NotBoundAuthentication is for registration only. - section 7.1.5 paragraph [296] makes liberal use of the phrase "limited use shared secret" ; I don't like the innuendo of that and suggest that replacing this with simply "authentication data" would be more appropriate. Sure, using a limited use shared secret even as per section 8.1 may well be part of the Protocol, but this is specified by the Protocol and therefore out of scope in this spec. Regards Tommy On Mon, 06 Dec 2004 13:49:27 +0000, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > Tommy, Guillermo, > > Not sure if the KeyName would be best there, since I'd rather > keep the key and auth-id names separate, but in any case, > there's Tommy's b64 idea or how about "secret+sfarrell@cs.tcd.ie" > (like people use to filter emails). I could also imagine using > (whatever's the official term for) a CGI parameter in the URI > itself ("http://www.cs.tcd.ie/secrets?u=sfarrell"). > > So, I'd say we're ok not to change the schema for this one - > there's enough flexibility for what is probably a corner case. > > Stephen. > > > > Guillermo Álvaro Rey wrote: > > > El lun, 06-12-2004 a las 00:14, Tommy Lindberg escribió: > > > >>/How is the shared secret "holder" in an NotBoundAuthentication intended to be > >>identified?/ > >> > > > > Hi Tommy, > > > > I would say that the key name could be specified in the KeyInfo element > > in the PrototypeKeyBinding, avoiding the need for a change in the schema > > regarding NotBoundAuthentication. > > > > Regards, > > - -Guillermo > > > >>/Apart from altering the schema (adding a "Name" attribute) the only > >>reasonable option seems to be, to combine these two pieces of > >>information and include their base64 encoding in the Value attribute. > >> > >>For example, a protocol defined out of scope to XKMS and identified by the URI > >>urn:example-protocol:username-password specifies that the Value > >>attribute carries > >>a username/password pair separated by a ':' would take the form of > >>the following > >>instance fragment > >> > >><NotBoundAuthentication > >> Protocol="urn:example-protocol:username-password" > >> Value="YWxpY2U6c2VjcmV0"/> > >> > >>Regards > >>Tommy/ > >> >
Received on Monday, 6 December 2004 14:26:45 UTC