Subject: new docs
Hi DSS,

I updated the core document and the time-stamping profile, and made a "template" profile separate from the time-stamping profile.

Changes to core:
 - HTTP POST "transport binding"
 - TLS "security bindings"
 - <Language> optional input so the client can request the language to be used for localized strings.

Questions:
 - are these the only bindings we need?
 - TLS is actually several security bindings, depending on the type of authentication. In addition to server-authenticated X.509 and mutual-authenticated X.509, support for SRP password authentication [1] was added. This might be controversial. It seems useful for our use cases where the server was signing on behalf of a client because the client doesn't have its own private key and cert. However, TLS/SRP is still an internet-draft, there's only a couple implementations so far, and there's some IPR questions (though these have mostly cleared up IMO, since the SRP patent issued some months ago).

http://www.oasis-open.org/apps/org/workgroup/dss/download.php/5291/oasis-dss-1.0-core-spec-wd-11.doc
http://www.oasis-open.org/apps/org/workgroup/dss/download.php/5292/oasis-dss-1.0-core-spec-wd-11.pdf
http://www.oasis-open.org/apps/org/workgroup/dss/download.php/5297/oasis-dss-1.0-core-schema-wd-11.xsd

Here's a new "template" that we could use for profiles.

http://www.oasis-open.org/apps/org/workgroup/dss/download.php/5293/oasis-dss-1.0-profiles-XYZ-spec-wd-01.pdf
http://www.oasis-open.org/apps/org/workgroup/dss/download.php/5294/oasis-dss-1.0-profiles-XYZ-spec-wd-01.doc

The structure was changed to make it easier to have profiles that only profile particular things. In particular, it has separate sections for protocol profiles, processing profiles, and signature profiles, so you only need to fill in the relevant parts. It's still not that fleshed out though.

As for the time-stamping profile,

http://www.oasis-open.org/apps/org/workgroup/dss/download.php/5295/oasis-dss-1.0-profiles-timestamping-spec-wd-03.pdf
http://www.oasis-open.org/apps/org/workgroup/dss/download.php/5296/oasis-dss-1.0-profiles-timestamping-spec-wd-03.doc

there were 2 remaining questions about it:
 1) what type of signature object should it deal with? (<Timestamp> - Trevor, <XMLTimeStampToken> - Nick)
 2) is a secure binding needed, or is verifying the signature good enough (binding is a good idea - Trevor; not necessary - Nick)

As for (1), this document reflects my thinking, but Nick's approach could just be a profile of this profile - i.e., it would just add a "signature profile" to nail down the type of signature object supported.

As for (2), um... the document reflects my thinking too. Well, I'm writing it, what do you expect :-). Hopefully other people can think about this and express opinions, so we can have a better basis for a decision...

Trevor

[1] http://www.ietf.org/internet-drafts/draft-ietf-tls-srp-06.txt