OASIS Mailing List Archives

dss message

Subject: Analysis of the submitted materials on timestamp token syntax


Colleagues - I have reviewed the paper by Apvrille and Girier.  The concern
it raises is not relevant to our situation.  It concludes that DER and XER
are unsuitable and that what is needed is a new - XML only - protocol.  Good
job - that's what we are working on.  Below, I have extracted some of the
issues it raises and expressed them in terms of our own document suite.  All
the best.  Tim.


Notes ...

Core protocol

The core protocol will define how to request and return tokens.  Tokens
include signature tokens and timestamp tokens.  (Open issue: whether a token
of each type can be obtained by a single request.)  Signature tokens may
include a time-mark.  An open element definition will be used to carry the
token, accompanied by a type indicator attribute.

Profiles

The exact syntax of a token varies by profile.  Some profiles define binary
tokens; others define XML tokens.  Candidate profiles include: CMS, XML Dsig
and WS-Security.

Time mark

A "time-mark" is simply the date and time included in a signature token
within the scope of the signature.  There must be a single, clear semantic
associated with this time.  For instance, it could be a value that is not
earlier (according to the effective precision) than the time at which the
request was fully received by the timestamp authority and not later than the
time at which the response will be returned.  The semantic shall not be
modified by policy, accuracy or other qualifiers.  The timestamp authority
may guarantee that time values will be assigned to requests according to the
order in which they are received.  This does mean that two requests could be
assigned the same time value.  This could be a matter of policy.

Each profile must define how the time is placed in the signature token, for
each placement type (detached, enveloped and enveloping).

In the case of XML tokens, where the format of the time is not specified in
the standard being profiled, following the example of XAdES, the XML schema
datatype definition "dateTime" can be used to express time.  We may have to
profile the use of this datatype.  (Whose time-zone should be indicated, for
instance?  Or should we use the canonical form relative to Universal
Coordinated Time with no time-zone indication?)

Timestamp

A time-stamp is a self-contained token distinct from the signature token.
For the benefit of profile writers, the core document must define the
characteristics of a sound timestamp token (e.g. the time and digest must
both be in the scope of the signature).  But, each profile must define the
syntax of the timestamp token in a way that is consistent with the data
structure definitions of the profile.

Amongst other things, the timestamp token will include the time and it
should use the same datatype definition for time as the time-mark.


-----------------------------------------------------------------
Tim Moses
613.270.3183

