[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [ebxml-cppa] Certificate Element under PartyInfo
With the emergence of Certificates that form the set of TrustAnchors (or trusted roots) in the SecurityDetails, the possibility arises that the same Certificates may be used in distinct PartyInfos in the CPA. So an opportunity for reuse (much like that of Packaging) arises. It may not be worth it. However, ds:KeyInfos can be large items (base 64 encodings of entire certificate chains, maybe 2 to 6 K range), it may be worth raising the Certificate element sequence up to just under the root elements-- /CollaborationProtocolProfile or /CollaborationProtocolAgreement. While thinking about how large these items are, should we also generalize Certificate to be either a ds:KeyInfo or a URI for retrieval? If so, what forms of URI should be allowed? Should any exotic URIs for PKIX protocols be included? Should we avoid requiring or promoting any Cert access method and just leave it as anyURI? I think it is worthwhile thinking about just what implementations would be expected to support for these URIs in terms of access (ftp, http, ldap, etc etc). Thanks, Dale (Working on 1.1 Security updates)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC