

Subject: Re: [ebxml-msg] Investigation Required: Trusted Timestamp


Why don't we just define a simple protocol in which a trusted intermediary can digitally sign our Timestamp, after verifying or correcting it first?

well...less of a protocol, more of a place to put the sig, and limitations on what this intermediary is permitted to do.


On May 20, 2004, at 3:28 PM, Dale Moberg wrote:

I looked at DSS TC core document which is a lot farther along than when
I last looked.

But, at the end the document says:

13) Should we add a WSS Security Binding?
Resolution: not now

They do have a SOAP binding for their request and response messages.
[They even have CMS support. Woohoo.]

I am uncertain whether an intermediary could provide the service along
the SOAP path. Was that ever
in the requirements for ebMS? I hope not but don't know whether we got
very specific requirements
from endusers early on in ebMS. Possibly we need to sharpen those up by
asking various constituencies.

So it is probably a good idea to find out when the DSS TC thinks it will
finish up with the core spec.

I agree we should add it to the mix somehow. Maybe we should call it a
SOAP payload processing service
and give the topic to Matt?

Dale

-----Original Message-----
From: Pete Wenzel [mailto:pete@seebeyond.com]
Sent: Thursday, May 20, 2004 10:41 AM
To: ebxml-msg@lists.oasis-open.org
Subject: Re: [ebxml-msg] Investigation Required: Trusted Timestamp


Add to the mix the OASIS Digital Signature Services TC, which has as
part of its charter:

"[T]he TC will develop an XML-based protocol to produce cryptographic
time stamps that can be used for determining whether or not a signature
was created within the associated key's validity period or before
revocation. This is required as part of the signature verification
algorithm."

Such a protocol is outside our scope, but presumably they have defined a
signed timestamp element that could be inserted into a message.

Does ebMS have a delegate to the Security Joint Committee? We might
poll them to get opinions on this.

--Pete

Thus spoke Dale Moberg (dmoberg@cyclonecommerce.com) on Thu, May 20,
2004 at 09:00:17AM -0700:
I have looked at Internet X.509 Public Key Infrastructure Time-Stamp
Protocol (TSP) http://www.ietf.org/rfc/rfc3161.txt

But I haven't seen anyone saying how or whether SOAP based
communications makes use of (or more likely reinvents) the above
service.

WSS does have a time stamp element, but I don't think it is geared to
provide independent assurance that data existed before a given time
like RFC 3161 does.

Should we reference RFC 3161? Maybe ask WSS TC if they plan on taking
this topic up sometime? Anyway I don't think there is any standard
that has a lot of traction yet. Google showed that
there could be some products out there that provide RFC 3161 support.


-----Original Message-----
From: Matthew MacKenzie [mailto:mattm@adobe.com]
Sent: Thursday, May 20, 2004 6:04 AM
To: ebxml-msg@lists.oasis-open.org
Subject: [ebxml-msg] Investigation Required: Trusted Timestamp


2.0 says:


"At the time of this specification, services offering trusted
timestamp capabilities are becoming available. Once these become more
widely available, and a standard has been defined for their use and
expression, these standards, technologies and services will be
evaluated and considered for use in later versions of this
specification."


3.0 should say:

?

--
Pete Wenzel <pete@seebeyond.com>
Senior Architect, SeeBeyond
Standards & Product Strategy
+1-626-471-6311 (US-Pacific)



___________________________
Matthew MacKenzie
Senior Architect
IDBU Server Solutions
Adobe Systems Canada Inc.
http://www.adobe.com/products/server/
mattm@adobe.com
+1 (506) 871.5409
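
The intermediary idea proposed at the top of this message (verify or correct the sender's timestamp, then sign it, with a limit on what the intermediary may touch), sketched as an added example that is not code from the thread, ebMS, DSS or RFC 3161. The function names, token fields, skew tolerance and sample values are assumptions, and HMAC stands in for the digital signature so the sketch runs on the standard library alone; a real service would use an asymmetric signature so receivers can verify without holding the signing key.

```python
import hashlib
import hmac
import json

MAX_SKEW_SECONDS = 300  # assumed tolerance before the intermediary corrects a timestamp


def _canonical(token_body: dict) -> bytes:
    # Deterministic serialization so signer and verifier hash identical bytes.
    return json.dumps(token_body, sort_keys=True, separators=(",", ":")).encode()


def countersign(key: bytes, payload: bytes, claimed_ts: int, now: int) -> dict:
    """Intermediary side: verify or correct the sender's timestamp, then sign it.

    The intermediary only attests to time: it binds the timestamp to a digest
    of the payload and never alters the payload itself.
    """
    corrected = abs(now - claimed_ts) > MAX_SKEW_SECONDS
    body = {
        "digest": hashlib.sha256(payload).hexdigest(),
        "claimed": claimed_ts,
        "timestamp": now if corrected else claimed_ts,
        "corrected": corrected,
    }
    # HMAC is the stand-in for the digital signature (assumption, see lead-in).
    sig = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def verify(key: bytes, payload: bytes, token: dict) -> bool:
    """Receiver side: check the token is authentic and covers this exact payload."""
    expected = hmac.new(key, _canonical(token["body"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return False  # timestamp, digest or flag was altered after signing
    actual = hashlib.sha256(payload).hexdigest()
    return hmac.compare_digest(token["body"]["digest"], actual)


# Constructed sample values, not taken from the thread.
KEY = b"constructed-demo-key"
MESSAGE = b"<PurchaseOrder id='constructed-1'/>"
NOW = 1_085_000_000  # the intermediary's clock

if __name__ == "__main__":
    ok = countersign(KEY, MESSAGE, NOW - 10, NOW)
    late = countersign(KEY, MESSAGE, NOW - 86_400, NOW)
    print(ok["body"]["corrected"], late["body"]["timestamp"] == NOW, verify(KEY, MESSAGE, ok))
```

Because the token covers a digest of the payload together with the time, it gives the kind of assurance the thread attributes to RFC 3161 (that the data existed by the signed time), which a sender-asserted timestamp alone does not.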