OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xri message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xri] Datetime for ds:Signature

XRD spec 2.2.2 

2.2.2. Element <Expires>

This xs:dateTime value indicates the time instant after which the document is no longer valid and must not be used. The value must use the UTC "Z" time zone and must not use fractional seconds. In addition to this explicit expiration instant of the document, XRD consuming applications should comply with the caching rules of the transport protocol used to retrieve the XRD.

The following schema fragment defines the <Expires> element:

Expires = element Expires {
    other.attribute *,
    xs:dateTime
}

I think this is sufficient.

There is no expires in the signature itself unless we make something up,  and that is probably a bad idea.

John B.

On 10-Aug-09, at 7:22 PM, Breno de Medeiros wrote:

Since XML signature provides for an expires, it should be sufficient
for the XRD use case.

I am not sure what JonhB refers to by "expires time for the XRD". If
you mean caching directives, that is not sufficient. The expiration
time should be part of the signed statement. Fortunately, it already
is, as per the XML DSig spec.

On Mon, Aug 10, 2009 at 6:59 PM, John Bradley<jbradley@mac.com> wrote:
If I have a expires tome for the XRD isn't that enough?
Why do I care when it was signed?
I am trying to avoid changing anything around the signature processing
without a very good reason.
John B.
On 10-Aug-09, at 6:54 PM, Nat Sakimura wrote:

There is Expires, but no creation date, if I am reading the draft correctly.

=nat

John Bradley wrote:

Don't we have timestamps and other caching info at the XRD level?

I have have a hard time seeing the value of duplicating that in the
signature itself.

John B.
On 10-Aug-09, at 7:21 AM, Scott Cantor wrote:



Nat Sakimura wrote on 2009-08-10:


Do we need a datetime for the signature?


Signature timestamps are a pretty "deep" topic, it's definitely not as
simple as it seems.

In any case, there's a relevant draft making its way through the W3C.

http://www.w3.org/TR/2009/WD-xmldsig-properties-20090430/

-- Scott



---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php








--
--Breno

+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]