OASIS Mailing List Archives

dss message



Subject: RE: [dss] FW: XML Key Management Specification Last Call - need review/feed back


Based upon the discussion that we have seen on this topic I would like to
propose that we reply with the following:

The DSS TC would like to thank the XKMS WG for the opportunity to comment on
the Last Call Working Draft.  We have one comment related to a potential
enhancement to support our use cases.

A DSS service may produce signatures (such as XML-DSIG and CMS signatures)
for its clients - if it authenticates the client, it may attach the client's
name as a signed attribute to the signature - this way a client can produce
signatures that are associated with himself, without needing his own key
pair.

So it would be nice if a relying party can query an XKMS service on the DSS
client's name, and receive back the DSS service's key, but the XKMS client
would need to be told that this key is not in the sole possession of the DSS
client, but must be associated with the DSS client through a signed
attribute.

Two options appear feasible.  

This could be done by adding a new "DelegatedSignature" value to the
<KeyUsage> element: <KeyUsage>DelegatedSignature</KeyUsage>.  So for a given
protocol that uses signatures, an XKMS client could query for
<KeyUsage>DelegatedSignature</KeyUsage> as well as 
<KeyUsage>Signature</KeyUsage>.  This is simple, but would require a change
to XKMS.

Alternatively, an extra application URI could be defined for the
<UseKeyWith> element, for every protocol that uses signatures, to denote the
delegated signature version.  This requires the definition of an extra URI
for each protocol that uses signatures and thus seems more difficult to
support, in general.  It would not require a change to XKMS though.

Thanks,

	Robert Zuccherato.

> -----Original Message-----
> From: Robert Zuccherato [mailto:robert.zuccherato@entrust.com] 
> Sent: Monday, April 21, 2003 10:56 AM
> To: 'DSS TC'
> Subject: [dss] FW: XML Key Management Specification Last Call 
> - need review/feed back
> 
> 
> I received the following message from Shivaram Mysore, one of the chairs of
> the XKMS WG.  The XKMS specification has entered its last call process.  Are
> there any comments that we, as a TC, wish to make to the XKMS WG?
> 
> 	Robert.
> 
> > -----Original Message-----
> > From: Shivaram Mysore [mailto:Shivaram.Mysore@Sun.COM]
> > Sent: Friday, April 18, 2003 5:42 PM
> > To: robert.zuccherato@entrust.com; cruellas@ac.upc.es
> > Cc: Shivaram.Mysore@Sun.COM; stephen.farrell@baltimore.ie
> > Subject: XML Key Management Specification Last Call - need
> > review/feedback
> > 
> > 
> > Dear Chair,
> > 
> > I am sending this to you so that we can get feedback from Digital Signature
> > Services TC.
> > 
> > On behalf of the XML Key Management Service WG [XKMS-WG], we are pleased to
> > announce the publication of the "XML Key Management Specification" Last Call
> > Working Draft.  This is one of the deliverables of the WG.  The document
> > address is:
> > 
> >   http://www.w3.org/TR/2003/WD-xkms2-20030418/Overview.html
> >   http://www.w3.org/TR/2003/WD-xkms2-bindings-20030418/Overview.html
> >   
> > The Last Call review period will end on 23 May, 2003. Please send review
> > comments by that date to the editor - pbaker@verisign.com and cc:
> > www-xkms@w3.org
> > 
> > Please let us know by May 02 if you are able to provide feedback by May 23,
> > the close of Last Call. If you do not think review is necessary (e.g., there
> > are no actual dependencies), or your comments will not be ready by May 23,
> > please let us know that by May 02 as well.
> > 
> > 
> > [XKMS-WG]  http://www.w3.org/2001/XKMS
> > 
> > Thank you,
> > 
> > /Shivaram Mysore
> > Co-Chair, W3C XKMS WG
> > ___________________________________________________________________________
> > Shivaram H. Mysore <shivaram.mysore@sun.com>
> > 
> > Software Engineer                Co-Chair, W3C's XKMS WG
> > Java Card Engineering            http://www.w3.org/2001/XKMS
> > JavaSoft, Sun Microsystems Inc.
> > 
> > Direct: (408)276-7524
> > Fax:    (408)276-7674
> > 
> > http://java.sun.com/people/shivaram  (Internal: http://mysore.sfbay/)
___________________________________________________________________________
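
The relying-party decision implied by the first option in the proposed reply, as an added Python example that is not part of the original message and not taken from XKMS or DSS. It assumes a simplified, un-namespaced key binding, a hypothetical `client-name` label for the signed attribute the DSS service attaches, and that the signature value itself is verified elsewhere and passed in as `crypto_ok`.

```python
import xml.etree.ElementTree as ET

# Constructed sample: simplified key binding returned for the DSS client's name.
# "DelegatedSignature" is the value proposed in the message, not an XKMS value.
SAMPLE_BINDING = """
<KeyBinding>
  <KeyName>alice@example.com</KeyName>
  <KeyUsage>DelegatedSignature</KeyUsage>
</KeyBinding>
"""

def key_usages(binding_xml):
    """Return the set of <KeyUsage> values found in the binding."""
    root = ET.fromstring(binding_xml.strip())
    return {el.text.strip() for el in root.iter("KeyUsage") if el.text}

def accept_signature(binding_xml, queried_name, crypto_ok, signed_attrs):
    """Decide whether a signature can be attributed to queried_name.

    crypto_ok    -- True if the signature verified under the bound key
                    (checked by an XML-DSIG or CMS library, not shown here).
    signed_attrs -- attributes covered by the signature; "client-name" is a
                    hypothetical key for the name the DSS service attached.
    Returns (accepted, reason).
    """
    if not crypto_ok:
        return False, "signature does not verify under the bound key"
    usages = key_usages(binding_xml)
    if "Signature" in usages:
        # Ordinary case: the key belongs to the named party alone.
        return True, "key held by the named party"
    if "DelegatedSignature" in usages:
        # The key is the DSS service's and is shared by all of its clients,
        # so only the signed attribute ties the signature to this client.
        if signed_attrs.get("client-name") == queried_name:
            return True, "service key bound to client by signed attribute"
        return False, "service key without a matching signed client name"
    return False, "key not usable for signatures"

if __name__ == "__main__":
    print(accept_signature(SAMPLE_BINDING, "alice@example.com", True,
                           {"client-name": "alice@example.com"}))
    print(accept_signature(SAMPLE_BINDING, "alice@example.com", True,
                           {"client-name": "bob@example.com"}))
```

A client that only understands `Signature` rejects the delegated binding outright, so it cannot mistake the shared service key for one held solely by the named client.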

