Re: XKMS; where's the Web?

From: Rich Salz <rsalz@datapower.com>
Date: Wed, 11 Feb 2004 19:16:48 -0500 (EST)
To: Mark Baker <distobj@acm.org>
Cc: "www-xkms@w3.org" <www-xkms@w3.org>
Message-ID: <Pine.LNX.4.44L0.0402111911580.10339-100000@smtp.datapower.com>

> URIs aren't used for important resources

Such as?  Most of the resources -- policy, etc., -- must be covered by
a signature.  There's no way to sign an HTTP protocol element.

> nor is HTTP GET used for
> retrieving data.  Are you familiar at all with the TAG's work, where
> they have, for example, recommended that GET be used whenever you're
> "asking a question", or "performing a query"[1]?

Please show how you could "pluck out" a dsig:KeyInfo element,
and encode it into a URL in such a way that it stands a chance
of working?  If, for example, I am asking about the validity of
a certificate where the key is 1K, then the query string will be
at least (cert at least 200 bytes, plus 1K subject key + 1K CA
signature)*4/3 for base64, and you get a URL that is roughly 3000
bytes long.

Perhaps the TAG needs to consider GET with body-content.

> It seems that XKMS is a "Web services" effort, which is ok in that Web
> services are happening, in part, at the W3C.  But they also have some
> serious architectural problems in their current form, and XKMS* seems to
> have embraced many of their worst practices ... at least IMHO.

Thanks for sharing.


Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html
Received on Wednesday, 11 February 2004 19:17:09 UTC
