[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [ebxml-msg] Investigation Required: Trusted Timestamp
I looked at DSS TC core document which is a lot farther along than when I last looked. But, at the end the document says: 13) Should we add a WSS Security Binding? Resolution: not now They do have a SOAP binding for their request and response messages. [They even have CMS support. Woohoo.] I am uncertain whether an intermediary could provide the service along the SOAP path. Was that ever in the requirements for ebMS? I hope not but don't know whether we got very specific requirements from endusers early on in ebMS. Possibly we need to sharpen those up by asking various constituencies. So it is probably a good idea to find out when the DSS TC thinks it will finish up with the core spec. I agree we should add it to the mix somehow. Maybe we should call it a SOAP payload processing service and give the topic to Matt? Dale -----Original Message----- From: Pete Wenzel [mailto:pete@seebeyond.com] Sent: Thursday, May 20, 2004 10:41 AM To: ebxml-msg@lists.oasis-open.org Subject: Re: [ebxml-msg] Investigation Required: Trusted Timestamp Add to the mix the OASIS Digital Signature Services TC, which has as part of its charter: "[T]he TC will develop an XML-based protocol to produce cryptographic time stamps that can be used for determing whether or not a signature was created within the associated key's validity period or before revocation. This is required as part of the signature verification algorithm." Such a protocol is outside our scope, but presumably they have defined a signed timestamp element that could be inserted into a message. Does ebMS have a delegate to the Security Joint Committee? We might poll them to get opinions on this. --Pete Thus spoke Dale Moberg (dmoberg@cyclonecommerce.com) on Thu, May 20, 2004 at 09:00:17AM -0700: > I have looked at Internet X.509 Public Key Infrastructure Time-Stamp > Protocol (TSP) http://www.ietf.org/rfc/rfc3161.txt > > But I haven't seen anyone saying how or whether SOAP based > communications makes use of (or more likely reinvents) the above > service. > > WSS does have a time stamp element, but I don't think it is geared to > provide independent assurance that data existed before a given time > like RFC 3161 does. > > Should we reference RFC 3161? Maybe ask WSS TC if they plan on taking > this topic up sometime? Anyway I don't think there is any standard > that has a lot of traction yet. Google showed that > there could be some products out there that provide RFC 3161 support. > > > -----Original Message----- > From: Matthew MacKenzie [mailto:mattm@adobe.com] > Sent: Thursday, May 20, 2004 6:04 AM > To: ebxml-msg@lists.oasis-open.org > Subject: [ebxml-msg] Investigation Required: Trusted Timestamp > > > 2.0 says: > > > "At the time of this specification, services offering trusted > timestamp capabilities are becoming available. Once these become more > widely available, and a standard has been defined for their use and > expression, these standards, technologies and services will be > evaluated and considered for use in later versions of this > specification." > > > 3.0 should say: > > ? -- Pete Wenzel <pete@seebeyond.com> Senior Architect, SeeBeyond Standards & Product Strategy +1-626-471-6311 (US-Pacific) To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/ebxml-msg/members/leave_wor kgroup.php.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]