Subject: RE: [dss] FW: XML Key Management Specification Last Call - need review/feed back
See the way we do that for XKMS services. Basically it would be a UseKeyWith with the protocol specifying the URI identifier for DSS (probably the same as the schema identifier) and the address specifying the SOAP role/actor/URI/whatever it is this week.

Phill

> -----Original Message-----
> From: Trevor Perrin [mailto:trevp@trevp.net]
> Sent: Monday, April 21, 2003 3:05 PM
> To: Robert Zuccherato; 'DSS TC'
> Subject: Re: [dss] FW: XML Key Management Specification Last Call - need review/feed back
>
> At 10:55 AM 4/21/2003 -0400, Robert Zuccherato wrote:
>
> >I received the following message from Shivaram Mysore, one of the chairs of the XKMS WG. The XKMS specification has entered its last call process. Are there any comments that we, as a TC, wish to make to the XKMS WG?
>
> It would be nice if the public key used by an (identified requestor / single key pair) DSS service could be registered and located.
>
> For example, suppose Acme.com has a DSS service that it trusts to sign for Alice@Acme.com. Suppose this DSS service has a single key pair, and when it signs, it adds "Alice@Acme.com" as a signed attribute to identify the requestor.
>
> You'd like to be able to query the Acme.com XKMS service for Alice@Acme.com, and retrieve the DSS service's key. However, the XKMS service wouldn't want to say "this is Alice's signature key", cause that's untrue - you can't assume everything signed by this key is from Alice. Instead, the XKMS service would need to say "this is Alice's *delegated* signature key", indicating that if you receive a signature signed by this key *and* with Alice's name as a signed attribute, only then you should assume the signature was produced under Alice's control.
>
> I think this could be done by adding a new "DelegatedSignature" value to the <KeyUsage> element: <KeyUsage>DelegatedSignature</KeyUsage>. We could at least ask them about something like this.
>
> Trevor
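The relying-party check the thread describes, as an added example that is not part of the original exchange: the DSS service's key is located through an XKMS UseKeyWith binding (Phill's suggestion), and a signature is attributed to Alice only when both the key and the signed requestor attribute match (Trevor's rule). The DSS Application URI is an assumed placeholder, and the LocateResult is constructed for the example.

```python
import xml.etree.ElementTree as ET

XKMS = "{http://www.w3.org/2002/03/xkms#}"
DSIG = "{http://www.w3.org/2000/09/xmldsig#}"
# Assumed placeholder for the DSS protocol URI carried in UseKeyWith/@Application;
# the thread does not fix the real identifier.
DSS_APP = "urn:example:dss-protocol-placeholder"

# Constructed LocateResult, as Acme.com's XKMS service might answer a query for
# Alice@Acme.com: the DSS service's single key, bound to Alice only for use
# with the DSS protocol, not published as "Alice's signature key".
LOCATE_RESULT = f"""<LocateResult xmlns="http://www.w3.org/2002/03/xkms#">
  <UnverifiedKeyBinding>
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <KeyName>acme-dss-key-1</KeyName>
    </KeyInfo>
    <KeyUsage>Signature</KeyUsage>
    <UseKeyWith Application="{DSS_APP}" Identifier="Alice@Acme.com"/>
  </UnverifiedKeyBinding>
</LocateResult>"""


def delegated_keys(locate_result_xml):
    """Map (Application, Identifier) -> key name for every UseKeyWith binding."""
    bindings = {}
    root = ET.fromstring(locate_result_xml)
    for kb in root.iter(XKMS + "UnverifiedKeyBinding"):
        key_name = kb.findtext(f"{DSIG}KeyInfo/{DSIG}KeyName")
        for ukw in kb.findall(XKMS + "UseKeyWith"):
            bindings[(ukw.get("Application"), ukw.get("Identifier"))] = key_name
    return bindings


def attributable_to(requestor, signer_key, signed_attribute, bindings):
    """Accept the signature as made under `requestor`'s control only when BOTH
    hold: the signing key is the one bound to the requestor for DSS, and the
    signed requestor attribute names that same requestor.  The key alone is
    not enough, because the DSS service signs for everyone at Acme.com."""
    expected_key = bindings.get((DSS_APP, requestor))
    return (expected_key is not None
            and signer_key == expected_key
            and signed_attribute == requestor)
```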