

Subject: Re: [ekmi] Symmetric Key Response - Phil Hoyer, IETF KeyProv Suggestion



Should it be ekmi:KeyContainer etc instead of just KeyContainer?

Cheers,
Tomas


Anil Saldhana wrote:
> Hi all,
>   we had agreed to incorporate Phil Hoyer's suggestion for the Symmetric 
> Key Response payload to have extensions to allow non-ekmi based systems 
> to send responses back.
> 
> The original proposal is here: 
> http://wiki.oasis-open.org/ekmi/CommentsReceivedForSKSMLReview
> 
> This is how the incorporation will be:
> 
> Regular SKSML Response Payload:
> 
> ==================
> <ekmi:SymkeyResponse xmlns:ekmi='http://docs.oasis-open.org/ekmi/2008/01'
>     xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <ekmi:Symkey>
> <ekmi:SymkeyRequestID>10514-1-7476</ekmi:SymkeyRequestID>
> <ekmi:GlobalKeyID>10514-1-235</ekmi:GlobalKeyID>
> <ekmi:KeyUsePolicy>
> <ekmi:KeyUsePolicyID>10514-4</ekmi:KeyUsePolicyID>
> <ekmi:PolicyName>DES-EDE KeyUsePolicy</ekmi:PolicyName>
> <ekmi:KeyClass>HR-Class</ekmi:KeyClass>
> <ekmi:KeyAlgorithm> http://www.w3.org/2001/04/xmlenc#tripledes-cbc
> </ekmi:KeyAlgorithm>
> <ekmi:KeySize>192</ekmi:KeySize>
> <ekmi:Status>Active</ekmi:Status>
> <ekmi:Permissions>
>                 ....
> </ekmi:Permissions>
> </ekmi:KeyUsePolicy>
> <ekmi:EncryptionMethod 
> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
> <xenc:CipherData>
> <xenc:CipherValue>
>                 ....
> </xenc:CipherValue>
> </xenc:CipherData>
> </ekmi:Symkey>
> </ekmi:SymkeyResponse>
> 
> ====================
> 
> 
> An IETF KeyProv response embedded in the sym key response would look as 
> follows:
> ====================
> <ekmi:SymkeyResponse xmlns:ekmi='http://docs.oasis-open.org/ekmi/2008/01'
>     xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <KeyContainer Version="1.0" 
> xmlns="urn:ietf:params:xml:ns:keyprov:pskc:1.0">
> <Device>
> <DeviceInfo>
> <Manufacturer>aManufacturer</Manufacturer>
> <SerialNo>10514-1-235</SerialNo>
> </DeviceInfo>
> <Key KeyAlgorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" 
> KeyId="10514-1-235">
> <Issuer>anIssuer</Issuer>
> </Key>
> </Device>
> </KeyContainer>
> </ekmi:SymkeyResponse>
> ========================
> 
> I think parsers are smart enough to figure out the payload and there is 
> no need to add an additional indirection to
> identify the type of payload contained inside the ekmi:SymkeyResponse.
> 
> Regards,
> Anil
> 
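An added example, not part of either message or of the SKSML or PSKC specifications: a receiver can tell the two payloads apart by the namespace-qualified name of the child of ekmi:SymkeyResponse, and the same check shows that `KeyContainer` in the PSKC default namespace and `ekmi:KeyContainer` are different elements. The names `classify_response` and `HANDLERS` are hypothetical, and the sample documents are constructed by trimming the payloads quoted above.

```python
import xml.etree.ElementTree as ET

EKMI = "http://docs.oasis-open.org/ekmi/2008/01"
PSKC = "urn:ietf:params:xml:ns:keyprov:pskc:1.0"

# Expanded names (namespace + local name) of the payloads this receiver accepts.
HANDLERS = {
    f"{{{EKMI}}}Symkey": "sksml",
    f"{{{PSKC}}}KeyContainer": "pskc",
}

def classify_response(xml_text):
    """Return the payload kinds in an ekmi:SymkeyResponse; ValueError otherwise."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTDs are not accepted in key responses")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{EKMI}}}SymkeyResponse":
        raise ValueError(f"unexpected root element {root.tag}")
    kinds = []
    for child in root:
        kind = HANDLERS.get(child.tag)
        if kind is None:
            # Fail closed: a child that is not explicitly listed is rejected.
            raise ValueError(f"unrecognised payload {child.tag}")
        kinds.append(kind)
    if not kinds:
        raise ValueError("empty SymkeyResponse")
    return kinds

# Constructed samples, trimmed from the two payloads quoted in the message.
SKSML = f"""<ekmi:SymkeyResponse xmlns:ekmi='{EKMI}'>
  <ekmi:Symkey><ekmi:GlobalKeyID>10514-1-235</ekmi:GlobalKeyID></ekmi:Symkey>
</ekmi:SymkeyResponse>"""

PSKC_EMBEDDED = f"""<ekmi:SymkeyResponse xmlns:ekmi='{EKMI}'>
  <KeyContainer Version="1.0" xmlns="{PSKC}">
    <Device><Key KeyId="10514-1-235"><Issuer>anIssuer</Issuer></Key></Device>
  </KeyContainer>
</ekmi:SymkeyResponse>"""

# Same local name, but bound to the ekmi namespace: a different element.
EKMI_PREFIXED = f"""<ekmi:SymkeyResponse xmlns:ekmi='{EKMI}'>
  <ekmi:KeyContainer Version="1.0"/>
</ekmi:SymkeyResponse>"""

if __name__ == "__main__":
    for doc in (SKSML, PSKC_EMBEDDED):
        print(classify_response(doc))
```
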

