[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [ekmi] Symmetric Key Response - Phil Hoyer, IETF KeyProv Suggestion
Should it be ekmi:KeyContainer etc instead of just KeyContainer? Cheers, Tomas Anil Saldhana wrote: > Hi all, > we had agreed to incorporate Phil Hoyer's suggestion for the Symmetric > Key Response pay load to have extensions to allow non-ekmi based systems > to send responses back. > > The original proposal is here: > http://wiki.oasis-open.org/ekmi/CommentsReceivedForSKSMLReview > > This is how the incorporation will be: > > Regular SKSML Response Payload: > > ================== > <ekmi:SymkeyResponse xmlns:ekmi='http://docs.oasis-open.org/ekmi/2008/01' > xmlns:xenc='http://www.w3.org/2001/04/xmlenc#' > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> > <ekmi:Symkey> > <ekmi:SymkeyRequestID>10514-1-7476</ekmi:SymkeyRequestID> > <ekmi:GlobalKeyID>10514-1-235</ekmi:GlobalKeyID> > <ekmi:KeyUsePolicy> > <ekmi:KeyUsePolicyID>10514-4</ekmi:KeyUsePolicyID> > <ekmi:PolicyName>DES-EDE KeyUsePolicy</ekmi:PolicyName> > <ekmi:KeyClass>HR-Class</ekmi:KeyClass> > <ekmi:KeyAlgorithm> http://www.w3.org/2001/04/xmlenc#tripledes-cbc > </ekmi:KeyAlgorithm> > <ekmi:KeySize>192</ekmi:KeySize> > <ekmi:Status>Active</ekmi:Status> > <ekmi:Permissions> > .... > </ekmi:Permissions> > </ekmi:KeyUsePolicy> > <ekmi:EncryptionMethod > Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /> > <xenc:CipherData> > <xenc:CipherValue> > .... > </xenc:CipherData> > </ekmi:Symkey> > </ekmi:SymkeyResponse> > > ==================== > > > An IETF KeyProv response embedded in the sym key response would look as > follows: > ==================== > <ekmi:SymkeyResponse xmlns:ekmi='http://docs.oasis-open.org/ekmi/2008/01' > xmlns:xenc='http://www.w3.org/2001/04/xmlenc#' > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> > <KeyContainer Version="1.0" > xmlns="urn:ietf:params:xml:ns:keyprov:pskc:1.0"> > <Device> > <DeviceInfo> > <Manufacturer>aManufacturer</Manufacturer> > <SerialNo>10514-1-235</SerialNo> > </DeviceInfo> > <Key KeyAlgorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" > KeyId="10514-1-235"> > <Issuer>anIssuer</Issuer> > </Key> > </Device> > </KeyContainer> > </ekmi:SymkeyResponse> > ======================== > > I think parsers are smart enough to figure out the payload and there is > no need to add an additional indirection to > identify the type of payload contained inside the ekmi:SymkeyResponse > > Regards, > Anil > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. Follow this link to all your TCs in OASIS at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]