

Subject: Re: [ekmi] Symmetric Key Response - Phil Hoyer, IETF KeyProv Suggestion


Tomas,
   it is coming from the ietf namespace.

Essentially we are saying that underneath the ekmi:SymkeyResponse root, 
we can send any elements and the parser will take care of them or throw errors.

Regards,
Anil

On 04/20/2010 02:46 AM, Tomas Gustavsson wrote:
>
> Should it be ekmi:KeyContainer etc instead of just KeyContainer?
>
> Cheers,
> Tomas
>
>
> Anil Saldhana wrote:
>> Hi all,
>>   we had agreed to incorporate Phil Hoyer's suggestion for the 
>> Symmetric Key Response payload to have extensions to allow non-ekmi 
>> based systems to send responses back.
>>
>> The original proposal is here: 
>> http://wiki.oasis-open.org/ekmi/CommentsReceivedForSKSMLReview
>>
>> This is how the incorporation will be:
>>
>> Regular SKSML Response Payload:
>>
>> ==================
>> <ekmi:SymkeyResponse
>>     xmlns:ekmi='http://docs.oasis-open.org/ekmi/2008/01'
>>     xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
>>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>>   <ekmi:Symkey>
>>     <ekmi:SymkeyRequestID>10514-1-7476</ekmi:SymkeyRequestID>
>>     <ekmi:GlobalKeyID>10514-1-235</ekmi:GlobalKeyID>
>>     <ekmi:KeyUsePolicy>
>>       <ekmi:KeyUsePolicyID>10514-4</ekmi:KeyUsePolicyID>
>>       <ekmi:PolicyName>DES-EDE KeyUsePolicy</ekmi:PolicyName>
>>       <ekmi:KeyClass>HR-Class</ekmi:KeyClass>
>>       <ekmi:KeyAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</ekmi:KeyAlgorithm>
>>       <ekmi:KeySize>192</ekmi:KeySize>
>>       <ekmi:Status>Active</ekmi:Status>
>>       <ekmi:Permissions>
>>                 ....
>>       </ekmi:Permissions>
>>     </ekmi:KeyUsePolicy>
>>     <ekmi:EncryptionMethod
>>         Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
>>     <xenc:CipherData>
>>       <xenc:CipherValue>
>>                 ....
>>       </xenc:CipherValue>
>>     </xenc:CipherData>
>>   </ekmi:Symkey>
>> </ekmi:SymkeyResponse>
>>
>> ====================
>>
>>
>> An IETF KeyProv response embedded in the sym key response would look 
>> as follows:
>> ====================
>> <ekmi:SymkeyResponse
>>     xmlns:ekmi='http://docs.oasis-open.org/ekmi/2008/01'
>>     xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
>>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>>   <KeyContainer Version="1.0"
>>       xmlns="urn:ietf:params:xml:ns:keyprov:pskc:1.0">
>>     <Device>
>>       <DeviceInfo>
>>         <Manufacturer>aManufacturer</Manufacturer>
>>         <SerialNo>10514-1-235</SerialNo>
>>       </DeviceInfo>
>>       <Key KeyAlgorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
>>           KeyId="10514-1-235">
>>         <Issuer>anIssuer</Issuer>
>>       </Key>
>>     </Device>
>>   </KeyContainer>
>> </ekmi:SymkeyResponse>
>> ========================
>>
>> I think parsers are smart enough to figure out the payload and there 
>> is no need to add an additional indirection to
>> identify the type of payload contained inside the ekmi:SymkeyResponse.
>>
>> Regards,
>> Anil 
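
The dispatch discussed in this thread, as an added example that is not part of the original message or of any EKMI TC code: a receiver tells the two payloads apart by the namespace-qualified name of the child of ekmi:SymkeyResponse and throws an error for anything else. The function names, the "sksml"/"pskc" labels, the allow-list and the DTD refusal are assumptions of this example; the sample documents are constructed by trimming the two payloads quoted above.

```python
import xml.etree.ElementTree as ET

EKMI = "http://docs.oasis-open.org/ekmi/2008/01"
PSKC = "urn:ietf:params:xml:ns:keyprov:pskc:1.0"

class PayloadError(ValueError): pass  # any response this example refuses

def sksml_key_id(symkey):
    return symkey.findtext(f"{{{EKMI}}}GlobalKeyID")

def pskc_key_id(container):
    key = container.find(f".//{{{PSKC}}}Key")
    return key.get("KeyId") if key is not None else None

# Allow-list keyed on the qualified element name, never the prefix (labels are this example's own).
HANDLERS = {
    f"{{{EKMI}}}Symkey": ("sksml", sksml_key_id),
    f"{{{PSKC}}}KeyContainer": ("pskc", pskc_key_id),
}

def classify_response(xml_text):
    """Return [(payload_kind, key_id)] for each child of ekmi:SymkeyResponse."""
    if "<!DOCTYPE" in xml_text:  # refuse DTDs before parsing: blocks entity expansion
        raise PayloadError("DTD not accepted")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise PayloadError(f"not well-formed: {exc}") from exc
    if root.tag != f"{{{EKMI}}}SymkeyResponse" or len(root) == 0:
        raise PayloadError("expected a non-empty ekmi:SymkeyResponse")
    found = []
    for child in root:
        if child.tag not in HANDLERS:
            raise PayloadError(f"unrecognised payload element {child.tag}")
        kind, key_id_of = HANDLERS[child.tag]
        found.append((kind, key_id_of(child)))
    return found

# Constructed samples, trimmed from the two payloads quoted in the message.
SKSML_RESPONSE = f"""<ekmi:SymkeyResponse xmlns:ekmi='{EKMI}'>
  <ekmi:Symkey><ekmi:GlobalKeyID>10514-1-235</ekmi:GlobalKeyID></ekmi:Symkey>
</ekmi:SymkeyResponse>"""
PSKC_RESPONSE = f"""<ekmi:SymkeyResponse xmlns:ekmi='{EKMI}'>
  <KeyContainer Version="1.0" xmlns="{PSKC}">
    <Device><Key KeyId="10514-1-235"><Issuer>anIssuer</Issuer></Key></Device>
  </KeyContainer>
</ekmi:SymkeyResponse>"""
# The variant Tomas asked about: same element name, but in the ekmi namespace.
EKMI_PREFIXED = PSKC_RESPONSE.replace("KeyContainer", "ekmi:KeyContainer")
```

With this allow-list, `classify_response(EKMI_PREFIXED)` raises `PayloadError`, because `ekmi:KeyContainer` resolves to a different qualified name than the PSKC element.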

