[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [ebcore] Informal ebCore meeting and next steps for CPPA3
On 29-06-17 16:03, Pim van der Eijk wrote:
Currently known open items are:
The first of these issues has been addressed in an update to the schema and specification that I will upload in a week or so. There are two types of additions:
1) Support for certificate policies.
2) Support for constraints on presence of leaf certificates
On the first, the draft schema optionally include certificate policy sets, which contain policies identified by OID.
These sets can be refenced in CPPs for use with signing, encryption, client or server TLS. For example, a party can express a reference to a set of policies to be used for signing certificates using a SigningCertificatePolicySetRef.
On the second, I'm proposing additional elements to allow parties to express whether specific types of leaf certificates are expected to be specified for particular channels or transports. These constraints can be validated in CPA formation. As the constraints may vary from certificate type to type, from channel to channel and from transport to transport, they can be specified at separately for the concerned channels or transports.
Each of the types can has specified reasonable default values in
processing, so that CPPA3 documents that do not use any of the
features are not unnecessarily complicated and can be very
succinct. This feature provides a lot of flexibility for
expressing different capabilities of messaging protocols, profiles
and implementations. It allows many common types of profiling to
be expressed in a machine-readable format.
Comments always welcome ...