New schema support and new features

This is a quick note to announce support for the new schema
in my XKMS implementation.

The currently deployed version also includes the following
new features:

1) Support for RetrievalMethod in XKISS.

Currently this is for the http method alone and only for raw
X509 certificates. Transforms, if present, are ignored.

In order to facilitate testing I have put up the following certs at 
http://62.77.172.83:4080/certs/

  rsa-root-cert.der
  rsa-alice-at-example-cert.der
  rsa-bob-at-example-cert.der
  rsa-eric-at-example-cert.der
  rsa-ralph-at-example-cert.der

As an example, the following markup will dereference Alice's cert:

  <ds:RetrievalMethod
    Type="http://www.w3.org/2000/09/xmldsig#rawX509Certificate"
    URI="http://62.77.172.83:4080/certs/rsa-alice-at-example-cert.der" />

2) On the fly X509CRL generation if RespondWith so indicates.

3) Preliminary support for PGP artefacts.

All the keyholders in the (now out of date and soon to be updated) sample 
message bundle have PGP key pairs of which the public key part and the
key ID can be retrieved through XKISS.

As regards XKRSS, Registration and Reissuance will produce PGP public keys
and key IDs if this is indicated in UseKeyWith.

PGPData can also be used in KeyInfo to carry the verification key for any
signed XKMS request.

Regards
Tommy

Received on Friday, 19 November 2004 22:56:15 UTC
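
The RetrievalMethod constraints stated in item 1 (http only, raw X509 certificates only, Transforms ignored), written as a pre-fetch check; this is an added example, not part of the original message or of the implementation it announces. The names `plan_retrieval` and `is_single_der_sequence` are hypothetical, and the DER framing check on the fetched bytes is an assumption added here.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

DS = "http://www.w3.org/2000/09/xmldsig#"
RAW_X509 = DS + "rawX509Certificate"

# Constructed sample: the RetrievalMethod from the message, wrapped in ds:KeyInfo.
SAMPLE = """<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:RetrievalMethod
    Type="http://www.w3.org/2000/09/xmldsig#rawX509Certificate"
    URI="http://62.77.172.83:4080/certs/rsa-alice-at-example-cert.der" />
</ds:KeyInfo>"""

def plan_retrieval(keyinfo_xml):
    """Hypothetical helper: one decision dict per ds:RetrievalMethod found."""
    root = ET.fromstring(keyinfo_xml)
    plans = []
    for rm in root.iter("{%s}RetrievalMethod" % DS):
        uri, rtype = rm.get("URI", ""), rm.get("Type", "")
        parts = urlsplit(uri)
        reason = None
        if parts.scheme.lower() != "http":
            reason = "unsupported URI scheme"
        elif not parts.hostname:
            reason = "URI has no host"
        elif rtype != RAW_X509:
            reason = "unsupported Type"
        plans.append({
            "uri": uri,
            "fetch": reason is None,
            "reason": reason,
            # Transforms are not applied, so the fetched bytes are used as-is.
            "transforms_ignored": rm.find("{%s}Transforms" % DS) is not None,
        })
    return plans

def is_single_der_sequence(data):
    """Hypothetical check: bytes are exactly one DER SEQUENCE, no trailing data."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:
        header, length = 2, first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)
```

The framing check only rejects obviously wrong payloads (PEM text, an HTML error page, trailing bytes) before the data reaches a real X.509 parser; for untrusted requests, parse the XML with a hardened parser rather than the standard-library one used here.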