OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ekmi message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [ekmi] SKSML Spec changes uploaded for your review

  Tomas,
   the message payload still needs to be secured (non-repudiation, 
integrity, confidentiality) . Either XML Signature or encryption or both 
can be used.  If there is a need for transport level security, that can 
be used.  But I feel seeing the key in an unsecured manner makes me feel 
uncomfortable. :)

At a bare minimum, xml encryption needs to be used for the key.  Outside 
of that, either xmldsig or mutual tls can be used.

Open to further discussion.

Regards,
Anil

On 08/16/2010 12:41 PM, Tomas Gustavsson wrote:
>
> Hi,
>
> Anil, I have one question about the changes.
>
> The change to:
> -----
> SKSML relies on XML Signature and XML Encryption. Relying only the on 
> the WSS profile
> that uses RSA cryptographic key-pairs and digital certificates, SKSML 
> uses the digital
> signatures for authenticity and message-integrity, while using 
> RSA-encryption for
> confidentiality;
> -----
>
> I interpret the change as that we want to decouple the SKSML messages, 
> which in itself are not signed and encrypted, but instead rely on 
> signature and encryption features of the transport (SOAP in the old 
> case).
> If an email or rest type protocol is used instead of SOAP, could we 
> not depend on the transport security (TLS client cert authentication 
> for example) instead of XML signatures and encryption. Would it not 
> then be better to simply say "digital signatures and encryption"
>
> Regards,
> Tomas
>
>
> On 08/16/2010 06:30 PM, Anil Saldhana wrote:
>> Tomas,
>> we have a meeting tomorrow. I must have read the calendar wrong. 17th it
>> is.
>>
>> Regards,
>> Anil
>>
>> On 08/16/2010 10:08 AM, Tomas Gustavsson wrote:
>>>
>>> Did we move the meeting to 17th? It says so in the calendar, but it
>>> says 16th below.
>>>
>>> Cheers,
>>> Tomas
>>>
>>>
>>> On 08/06/2010 12:25 AM, Anil Saldhana wrote:
>>>> Hi all,
>>>> for our August 16th meeting, it is important that you review and 
>>>> provide
>>>> feedback for the spec changes. We can then vote for the spec to be 
>>>> sent
>>>> for the 15 day public review.
>>>>
>>>> Spec:
>>>> http://www.oasis-open.org/committees/document.php?document_id=38898
>>>>
>>>> Description of changes made:
>>>> http://www.oasis-open.org/committees/document.php?document_id=38899
>>>>
>>>> Schema Files:
>>>> http://www.oasis-open.org/apps/org/workgroup/ekmi/download.php/38900/sksml-schema.zip 
>>>>
>>>>
>>>>
>>>>
>>>> Regards,
>>>> Anil

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]