[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Bindings
Do we need to put it in a separate document for the bindings or could it be in the core or repeated as approprioate in the profiles? Also, I suggest that the profiles include a high level statement of what security services are required from the underlying services. Nick > -----Original Message----- > From: Trevor Perrin [mailto:trevp@trevp.net] > Sent: 27 January 2004 22:39 > To: Nick Pope; OASIS DSS TC > Subject: Re: [dss] Bindings > > > At 09:46 PM 1/27/2004 +0000, Nick Pope wrote: > > >I would like to highlight one issue which I not sure how it is being > >addressed: > > > >Bindings to underlying protocols and the security requirement of the > >underling service. > > > >I believe that this specifics of the bindings are best specified in the > >profile but should be common as far as possible across the profiles. > > I agree. > > > >One way to start is to put some text in the time-stamp profile > and then use > >this as the basis for bindings in the other profiles. > > The time-stamping profile draft [1] has something like that: > """ > 2.1 Transport and Security Bindings > This profile is transported using the SOAP-over-HTTPS binding of DSS > defined in ???. The client MUST authenticate the server and validate the > server's X.509 certificate chain. The server MAY authenticate the client. > """ > > I was thinking of starting a Bindings Document, that we could reference > from the "???". I would start it off with HTTP POST and TLS > bindings, and > then if someone else wants to add bindings for SOAP or WS-Security, they > could do so. > > Is that the sort of approach you were thinking of? > > Trevor > > > [1] > http://www.oasis-open.org/apps/org/workgroup/dss/download.php/5121 /oasis-dss-1.0-timestamping-profile-spec-wd-02.pdf
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]