Re: [ekmi-comment] Fwd: comments on SKSML spec

[Ken Laskey <klaskey@mitre.org>]

Arshad,

Thanks for your prompt reply.  A few points of clarification:
- SOAP 1.1 is a W3C Note as a result of a Member Submission.  It is  
not a W3C Recommendation.
- When I've asked vendors over the past few years, most were  
supporting both versions of SOAP.  I'm currently using Axis2 and that  
generates both SOAP 1.1 and 1.2 bindings in its WSDLs.  Especially for  
something that would become a standard further in the future, it would  
make sense to address both.  I recall differences between the two  
versions and I don't remember if there is a basis for complete  
backward compatibility; this is possibly true with constraints on SOAP  
1.1 from the WS-I Basic Profile.  However, it is something you should  
deal with for the spec to cover what can be considered typical use.
- I would strongly suggest a few words highlighting the symmetric vs.  
asymmetric focus.  This is not my area of expertise so I cannot make  
specific suggestions, but if there are fundamental differences with  
XKMS that go beyond the inherent differences between symmetric vs.  
asymmetric, those should be highlighted so someone implementing the  
spec is prepared to deal with what could be unexpected differences.

Ken

On Jan 13, 2009, at 8:21 PM, Arshad Noor wrote:

> Ken,
>
> Thank you for your e-mail.
>
> Your attached e-mail submitted in July 2008 explains why we never
> received it; you sent it to ekmi-comments-subscribe@lists.oasis-open.org
> as opposed to ekmi-comments@lists.oasis-open.org.  Your current e-mail
> was correctly addressed, which is why this is the first we're seeing  
> it.
>
> You make valid points in your comments.  We are aware that SOAP 1.2
> supersedes SOAP 1.1.  However, not knowing the level of adoption of
> SOAP 1.2, we deliberately stayed at SOAP 1.1 because we did not want
> to exclude existing SOAP 1.1 implementations.
>
> To the best of my knowledge, SOAP 1.2 is backwardly compatible with
> SOAP 1.1; and given that we are not ready to vote SKSML into an OASIS
> standard, your comments are not late.  Even though the public-comment
> period for SKSML has expired, we will take your comment into
> consideration and make a decision.  We can always issue an errata to
> the specification and/or update the specification before we vote on
> the standard.  If you have any supporting information showing the list
> of SOAP 1.2 implementations, that would be helpful to our process.
>
> WRT your comment on XKMS, this was addressed (to you) before the EKMI
> TC was formed, as the following URL shows:
>
> http://www.oasis-open.org/apps/org/workgroup/oasis-charter-discuss/email/archives/200611/msg00002.html
>
> However, to reiterate, SKSML is focused on provisioning and managing
> the life-cycle of symmetric encryption cryptographic keys, while XKMS
> is focused on asymmetric cryptographic keys.  So, there is no overlap.
> If you believe otherwise, please do continue to respond to this e-mail
> address with your comments.
>
> If you have other comments on SKSML, we welcome them.  Thank you for
> taking the time to review the specification and send your comments.
>
> Arshad Noor
> StrongAuth, Inc.
>
>
> Ken Laskey wrote:
>> These comments were originally submitted last July and I never  
>> received
>> a response.  In looking over the current spec, these issues still  
>> have
>> not been addressed.  These represent significant flaws and must be
>> addressed if this is ever to become an OASIS Standard.
>>
>> Ken
>>
>> Begin forwarded message:
>>
>>> *From: *Ken Laskey <klaskey@mitre.org <mailto:klaskey@mitre.org>>
>>> *Date: *July 24, 2008 11:48:27 PM EDT
>>> *To: *"ekmi-comment-subscribe@lists.oasis-open.org
>>> <mailto:ekmi-comment-subscribe@lists.oasis-open.org>"
>>> <ekmi-comment-subscribe@lists.oasis-open.org
>>> <mailto:ekmi-comment-subscribe@lists.oasis-open.org>>
>>> *Subject: **comments on SKSML spec*
>>>
>>> I have not read the spec in detail but I have the following two  
>>> early
>>> comments:
>>>
>>> 1. The spec refers in numerous places to SOAP 1.1 as a W3C
>>> recommendation.  SOAP 1.1 was a Member Submission having no specific
>>> standing as a W3C product.  The W3C Recommendation is SOAP 1.2 where
>>> SOAP no longer is an acronym expanding to Simple Object Access  
>>> Protocol.
>>> a. The SKSML specification should properly reference the SOAP specs.
>>> See Recommendations under the Deliverables section at
>>> http://www.w3.org/2000/xp/Group/#drafts.
>>> b. The SKSML specification should have a SOAP 1.2 representation.  A
>>> SOAP 1.1 representation may be an additional part of the spec for
>>> legacy applications, but SOAP 1.2 is widely enough adopted (and is
>>> included in the WS-I BP 2.0 draft) that it does not make sense to  
>>> have
>>> a new OASIS Standard supporting only SOAP 1.1.
>>>
>>> 2. This is a specification for key management but there is no
>>> explanation of how this relates to the XML Key Management
>>> Specification (XKMS) that has been a W3C Recommendation since 28  
>>> June
>>> 2005.  Such an explanation is necessary in order to properly  
>>> describe
>>> where SKSML is to be used vice XKMS.  Links to the family of XKMS
>>> Recommendations can be found at http://www.w3.org/2001/XKMS/#CurrentWork 
>>> .
>>>
>>> I hope to have the opportunity to read the full SKSML spec in time  
>>> to
>>> submit additional comments.
>>>
>>> Ken
>>>
>>> -----------------------------------------------------------------------------
>>> Ken Laskey
>>> MITRE Corporation, M/S H305      phone: 703-983-7934
>>> 7515 Colshire Drive                         fax:       703-983-1379
>>> McLean VA 22102-7508
>>>
>>>
>>>
>>>
>>>
>>
>> -----------------------------------------------------------------------------
>> Ken Laskey
>> MITRE Corporation, M/S H305      phone: 703-983-7934
>> 7515 Colshire Drive                         fax:       703-983-1379
>> McLean VA 22102-7508
>>
>>
>>
>>
>>

-----------------------------------------------------------------------------
Ken Laskey
MITRE Corporation, M/S H305      phone: 703-983-7934
7515 Colshire Drive                         fax:       703-983-1379
McLean VA 22102-7508