W3C home > Mailing lists > Public > www-xkms@w3.org > November 2004

Re: Current XKRSS test cases

From: Guillermo Álvaro Rey <alvarorg@cs.tcd.ie>
Date: Fri, 26 Nov 2004 13:19:36 +0000
To: Tommy Lindberg <tommy.lindberg@gmail.com>
Cc: XKMS WG <www-xkms@w3.org>
Message-Id: <1101475176.8698.74.camel@lamb.dsg.cs.tcd.ie>
> > I am also in favour of not stating the shared secrets for authentication.
> How you distribute the shared secret is out of scope in XKMS so we
> need to be agile in this matter.  In my case, I have web ui that
> allows for a single click generation of shared secrets for all
> purposes.  However, I recognise that some people are concerned about
> automation and I am therefore prepared to use a hardcoded shared
> secret (e.g. "secret") *as long as* we assign a name to that key, for
> use in e.g. a KeyBindingAuthentication.Signature.KeyInfo.KeyName
> element.
> The ideal thing would be to use a shared secret exctly once - this is
> after all the specifications intention.  Consequently,  implementors
> may have taken design decisions to prevent multiple usages of a single
> shared secret. In the light of this, I have prototyped a "service" 
> through which a client can programmatically obtain a set of shared
> secrets.  It consists of some minimal request/result markup.  This too
> is out of XKMS scope, but can be implemented with minimal effort.
> How do people feel about the two options?

Hi Tommy,

I can live with either solution or keep working like now, copying the
shared secrets each time, as long as the number of tests is not huge
(that won't be!).

 - -Guillermo
Received on Friday, 26 November 2004 13:19:40 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:07:28 UTC