OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [ebxml-msg] Investigation Required: Trusted Timestamp

I looked at DSS TC core document which is a lot farther along than when
I last looked. 

But, at the end the document says:
13)	Should we add a WSS Security Binding?
Resolution:  not now

They do have a SOAP binding for their request and response messages. 
[They even have CMS support. Woohoo.]

I am  uncertain whether an intermediary could provide the service along
the SOAP path. Was that ever
in the requirements for ebMS? I hope not but don't know whether we got
very specific requirements
from endusers early on in ebMS. Possibly we need to sharpen those up by
asking various constituencies.

So it is probably a good idea to find out when the DSS TC thinks it will
finish up with the core spec.

I agree we should add it to the mix somehow. Maybe we should call it a
SOAP payload processing service
and give the topic to Matt?


-----Original Message-----
From: Pete Wenzel [mailto:pete@seebeyond.com] 
Sent: Thursday, May 20, 2004 10:41 AM
To: ebxml-msg@lists.oasis-open.org
Subject: Re: [ebxml-msg] Investigation Required: Trusted Timestamp

Add to the mix the OASIS Digital Signature Services TC, which has as
part of its charter:

  "[T]he TC will develop an XML-based protocol to produce cryptographic
  time stamps that can be used for determing whether or not a signature
  was created within the associated key's validity period or before
  revocation. This is required as part of the signature verification

Such a protocol is outside our scope, but presumably they have defined a
signed timestamp element that could be inserted into a message.

Does ebMS have a delegate to the Security Joint Committee?  We might
poll them to get opinions on this.


Thus spoke Dale Moberg (dmoberg@cyclonecommerce.com) on Thu, May 20,
2004 at 09:00:17AM -0700:
> I have looked at Internet X.509 Public Key Infrastructure Time-Stamp 
> Protocol (TSP) http://www.ietf.org/rfc/rfc3161.txt
> But I haven't seen anyone saying how or whether SOAP based 
> communications makes use of (or more likely reinvents) the above 
> service.
> WSS does have a time stamp element, but I don't think it is geared to 
> provide independent assurance that data existed before a given time 
> like RFC 3161 does.
> Should we reference RFC 3161? Maybe ask WSS TC if they plan on taking 
> this topic up sometime? Anyway I don't think there is any standard 
> that has a lot of traction yet. Google showed that
> there could be some products out there that provide RFC 3161 support.
> -----Original Message-----
> From: Matthew MacKenzie [mailto:mattm@adobe.com]
> Sent: Thursday, May 20, 2004 6:04 AM
> To: ebxml-msg@lists.oasis-open.org
> Subject: [ebxml-msg] Investigation Required: Trusted Timestamp
> 2.0 says:
> "At the time of this specification, services offering trusted 
> timestamp capabilities are becoming available. Once these become more 
> widely available, and a standard has been defined for their use and 
> expression, these standards, technologies and services will be 
> evaluated and considered for use in later versions of this 
> specification."
> 3.0 should say:
> ?

Pete Wenzel <pete@seebeyond.com>
Senior Architect, SeeBeyond
Standards & Product Strategy
+1-626-471-6311 (US-Pacific)

To unsubscribe from this mailing list (and be removed from the roster of
the OASIS TC), go to

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]