Re: [ekmi] My slip-up and an update

[Arshad Noor <arshad.noor@strongauth.com>]

There is an element that tells you exactly that, Anil; the
GlobalKeyID.  If this element has zeros for the ServerID
and KeyID (10514-0-0), that tells you the same thing as
create="true".

There can be no key in the SKMS with a GKID that contains
0-0 for ServerID-KeyID, so this becomes a natural indicator.
For all other requests (for existing keys), these values will
be non-zero.

The advantage in having the GKID be the indicator for a new
or existing key, is that the server does not have to parse
for any other element or attribute.

Arshad

Anil Saldhana wrote:
> I really really want to see an xml element or an attribute that tells me 
> when I read the payload, that it is for a new sym key request.
> 
> So, you can certainly have something like:
> 
> <SymkeyRequest create="true"
> 
> Now if the sym key does not exist, one will be created. If it already 
> exists, the create attribute is ignored and a the key is returned.
> 
> Arshad Noor wrote:
>> We could do this.  Under this scheme, there would be three
>> kinds of SKSML messages (actually 5, but I'm ignoring the
>> KeyCachePolicy messages for the discussion):
>>
>> 1) NewSymkeyRequest (for new symmetric keys)
>> 2) SymkeyRequest (for existing symmetric keys)
>> 3) SymkeyResponse
>>
>> Under the older scheme, there would be 2 kinds of messages:
>>
>> 1) SymkeyRequest (for new and existing symmetric keys)
>> 2) SymkeyResponse
>>
>> Personally speaking - and being a bit of a minimalist - I'd prefer to 
>> stay with the 2-message protocol.  Less work on the
>> spec but no change on the implementation - the server code
>> would still have to branch its code based on the request no
>> matter which way the message came.
>>
>> What do you think?
>>
>> Arshad
>>
>> ----- Original Message -----
>> From: "Anil Saldhana" <Anil.Saldhana@redhat.com>
>> To: "Arshad Noor" <arshad.noor@strongauth.com>
>> Cc: "ekmi" <ekmi@lists.oasis-open.org>
>> Sent: Tuesday, April 15, 2008 4:27:27 PM (GMT-0800) America/Los_Angeles
>> Subject: Re: [ekmi] My slip-up and an update
>>
>> Very interesting that it took me close to a month to answer this. :(
>>
>> I was referring to the usage of GKID to indicate that the request is 
>> for a new symmetric key.  Why not have an explicit element such as
>>
>> ekmi:NewSymKeyRequest
>>
>>
>>
>> Arshad Noor wrote:
>>> I will expand the abbreviations to reflect the full and
>>> meaningful names, Anil.  However, I don't recall the "new
>>> XML element to obtain the symmetric key".  Can you refresh
>>> my memory on that?  Thanks.
>>>
>>> Arshad
>>>
>>> Anil Saldhana wrote:
>>>> Arshad,
>>>>   additionally as discussed at IDTrust08, I hope we can get the 
>>>> expansion of the abbreviated xml element names and a new xml element 
>>>> (to obtain sym key) into the drafts.