[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Analysis of the submitted materials on timestamp token syntax
Colleagues - I have reviewed the paper by Apvrille and Girier. The concern it raises is not relevant to our situation. It concludes that DER and XER are unsuitable and that what is needed is a new - XML only - protocol. Good job - that's what we are working on. Below, I have extracted some of the issues it raises and expressed them in terms of our own document suite.

All the best. Tim.

Notes ...

Core protocol

The core protocol will define how to request and return tokens. Tokens include signature tokens and timestamp tokens. (Open issue: whether a token of each type can be obtained by a single request.) Signature tokens may include a time-mark. An open element definition will be used to carry the token, accompanied by a type indicator attribute.

Profiles

The exact syntax of a token varies by profile. Some profiles define binary tokens; others define XML tokens. Candidate profiles include: CMS, XML Dsig and WS-Security.

Time mark

A "time-mark" is simply the date and time included in a signature token within the scope of the signature. There must be a single, clear semantic associated with this time. For instance, it could be a value that is not earlier (according to the effective precision) than the time at which the request was fully received by the timestamp authority and not later than the time at which the response will be returned. The semantic shall not be modified by policy, accuracy or other qualifiers.

The timestamp authority may guarantee that time values will be assigned to requests according to the order in which they are received. This does mean that two requests could be assigned the same time value. This could be a matter of policy.

Each profile must define how the time is placed in the signature token, for each placement type (detached, enveloped and enveloping).

In the case of XML tokens, where the format of the time is not specified in the standard being profiled, following the example of XAdES, the XML schema datatype definition "dateTime" can be used to express time. We may have to profile the use of this datatype. (Whose time-zone should be indicated, for instance? Or should we use the canonical form relative to Universal Coordinated Time with no time-zone indication?)

Timestamp

A time-stamp is a self-contained token distinct from the signature token. For the benefit of profile writers, the core document must define the characteristics of a sound timestamp token (e.g. the time and digest must both be in the scope of the signature). But each profile must define the syntax of the timestamp token in a way that is consistent with the data structure definitions of the profile. Amongst other things, the timestamp token will include the time, and it should use the same datatype definition for time as the time-mark.

-----------------------------------------------------------------
Tim Moses 613.270.3183
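Added example, not part of Tim's message or of the TC's document suite: a toy XML timestamp token that illustrates the points above in running code. The time and the digest both sit inside a SignedInfo element that the signature covers; the time is expressed in the canonical xs:dateTime form (UTC with the "Z" designator and no offset); the verifier checks the time-mark semantic (not earlier than the request was received, not later than the response was returned, judged at one-second precision); and the issuing side shows the ordering guarantee, under which two requests can receive the same time value. Assumptions: HMAC-SHA256 stands in for the signature so the example runs offline (a real profile would use XML Dsig or CMS), the key, element names, clock readings and sample document are all constructed for the demo, and one-second precision is an assumed profile choice.

```python
"""Toy XML timestamp token with time and digest in the signed scope.
Added example; HMAC-SHA256 stands in for the signature (assumption)."""
import hashlib
import hmac
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Canonical xs:dateTime: UTC with the 'Z' designator and no offset. Fractional
# seconds are allowed by the datatype; this (assumed) profile emits none.
CANONICAL_DATETIME = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z$")
TIME_FORMAT = "%Y-%m-%dT%H:%M:%SZ"   # effective precision: one second
KEY = b"constructed-demo-key"        # toy shared key (assumption)


def canonical_datetime(t: datetime) -> str:
    """Render an aware datetime as canonical xs:dateTime (converted to UTC)."""
    if t.tzinfo is None:
        raise ValueError("naive datetime: time-zone must be known")
    return t.astimezone(timezone.utc).replace(microsecond=0).strftime(TIME_FORMAT)


def is_canonical_datetime(text: str) -> bool:
    return bool(CANONICAL_DATETIME.match(text))


def parse_canonical_datetime(text: str) -> datetime:
    if not is_canonical_datetime(text):
        raise ValueError(f"not canonical xs:dateTime: {text!r}")
    # Fixed-width prefix YYYY-MM-DDThh:mm:ss; any fractional part is dropped.
    return datetime.strptime(text[:19] + "Z", TIME_FORMAT).replace(tzinfo=timezone.utc)


class TimestampAuthority:
    def __init__(self, key: bytes, clock):
        self.key = key
        self.clock = clock          # callable returning an aware datetime
        self.last_issued = None     # for the ordering guarantee

    def issue(self, document: bytes) -> bytes:
        received = self.clock()     # request fully received
        t = received.astimezone(timezone.utc).replace(microsecond=0)
        # Values follow receipt order and never run backwards, so two
        # requests may legitimately be assigned the same time value.
        if self.last_issued is not None and t < self.last_issued:
            t = self.last_issued
        self.last_issued = t
        # Time and digest both live inside SignedInfo, the signature scope.
        signed_info = ET.Element("SignedInfo")
        ET.SubElement(signed_info, "Time").text = canonical_datetime(t)
        ET.SubElement(signed_info, "Digest", alg="sha256").text = \
            hashlib.sha256(document).hexdigest()
        signed = ET.tostring(signed_info, encoding="unicode")
        sig = hmac.new(self.key, signed.encode(), hashlib.sha256).hexdigest()
        return f"<TimestampToken>{signed}<Signature>{sig}</Signature></TimestampToken>".encode()


def token_time(token: bytes) -> str:
    return ET.fromstring(token).findtext("SignedInfo/Time")


def verify_token(key, token, document, request_sent, response_received):
    """Return (ok, reason): signature, signed scope, canonical time, digest
    and the time-mark window are all checked."""
    root = ET.fromstring(token)
    signed_info = root.find("SignedInfo")
    if signed_info is None:
        return False, "no signed scope"
    # Re-serialise exactly what was signed (XML Dsig would apply C14N here).
    expected = hmac.new(key, ET.tostring(signed_info, encoding="unicode").encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(root.findtext("Signature") or "", expected):
        return False, "signature does not cover token"
    time_text = signed_info.findtext("Time")
    digest = signed_info.find("Digest")
    if time_text is None or digest is None:
        return False, "time or digest outside signed scope"
    if not is_canonical_datetime(time_text):
        return False, "time not in canonical form"
    if digest.get("alg") != "sha256" or digest.text != hashlib.sha256(document).hexdigest():
        return False, "digest mismatch"
    t = parse_canonical_datetime(time_text)
    # Semantic: not earlier than receipt, not later than return, compared at
    # the token's one-second precision (so the lower bound is floored).
    lower = request_sent.astimezone(timezone.utc).replace(microsecond=0)
    upper = response_received.astimezone(timezone.utc)
    if t < lower or t > upper:
        return False, "time outside the request/response window"
    return True, "ok"


def demo() -> dict:
    # Constructed clock: the second reading steps backwards, so the TSA
    # reuses the previous value instead of issuing an earlier time.
    readings = [datetime(2024, 5, 1, 12, 0, 0, 400000, tzinfo=timezone.utc),
                datetime(2024, 5, 1, 11, 59, 59, tzinfo=timezone.utc)]
    tsa = TimestampAuthority(KEY, lambda: readings.pop(0))
    doc = b"<Invoice>constructed sample</Invoice>"
    sent = datetime(2024, 5, 1, 12, 0, 0, 100000, tzinfo=timezone.utc)
    got = datetime(2024, 5, 1, 12, 0, 2, tzinfo=timezone.utc)
    tok1, tok2 = tsa.issue(doc), tsa.issue(doc)
    tampered = tok1.replace(b"<Time>2024-05-01T12:00:00Z", b"<Time>2024-04-01T12:00:00Z")
    return {
        "valid": verify_token(KEY, tok1, doc, sent, got),
        "tampered_time": verify_token(KEY, tampered, doc, sent, got),
        "wrong_document": verify_token(KEY, tok1, b"<Invoice>other</Invoice>", sent, got),
        "outside_window": verify_token(KEY, tok1, doc, sent,
                                       datetime(2024, 5, 1, 11, 59, 0, tzinfo=timezone.utc)),
        "token_times": (token_time(tok1), token_time(tok2)),
        "offset_form_is_canonical": is_canonical_datetime("2024-05-01T12:00:00+00:00"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The re-serialisation step in verify_token is where a real XML profile has to commit to a canonicalisation method; without one, two equivalent serialisations of SignedInfo would verify differently. Moving either the Time or the Digest element outside SignedInfo makes the token fail the "signed scope" check, which is the property the core document is asked to require of every profile.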