[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [ekmi] SKSML Spec changes uploaded for your review
Tomas, the message payload still needs to be secured (non-repudiation, integrity, confidentiality) . Either XML Signature or encryption or both can be used. If there is a need for transport level security, that can be used. But I feel seeing the key in an unsecured manner makes me feel uncomfortable. :) At a bare minimum, xml encryption needs to be used for the key. Outside of that, either xmldsig or mutual tls can be used. Open to further discussion. Regards, Anil On 08/16/2010 12:41 PM, Tomas Gustavsson wrote: > > Hi, > > Anil, I have one question about the changes. > > The change to: > ----- > SKSML relies on XML Signature and XML Encryption. Relying only the on > the WSS profile > that uses RSA cryptographic key-pairs and digital certificates, SKSML > uses the digital > signatures for authenticity and message-integrity, while using > RSA-encryption for > confidentiality; > ----- > > I interpret the change as that we want to decouple the SKSML messages, > which in itself are not signed and encrypted, but instead rely on > signature and encryption features of the transport (SOAP in the old > case). > If an email or rest type protocol is used instead of SOAP, could we > not depend on the transport security (TLS client cert authentication > for example) instead of XML signatures and encryption. Would it not > then be better to simply say "digital signatures and encryption" > > Regards, > Tomas > > > On 08/16/2010 06:30 PM, Anil Saldhana wrote: >> Tomas, >> we have a meeting tomorrow. I must have read the calendar wrong. 17th it >> is. >> >> Regards, >> Anil >> >> On 08/16/2010 10:08 AM, Tomas Gustavsson wrote: >>> >>> Did we move the meeting to 17th? It says so in the calendar, but it >>> says 16th below. >>> >>> Cheers, >>> Tomas >>> >>> >>> On 08/06/2010 12:25 AM, Anil Saldhana wrote: >>>> Hi all, >>>> for our August 16th meeting, it is important that you review and >>>> provide >>>> feedback for the spec changes. We can then vote for the spec to be >>>> sent >>>> for the 15 day public review. >>>> >>>> Spec: >>>> http://www.oasis-open.org/committees/document.php?document_id=38898 >>>> >>>> Description of changes made: >>>> http://www.oasis-open.org/committees/document.php?document_id=38899 >>>> >>>> Schema Files: >>>> http://www.oasis-open.org/apps/org/workgroup/ekmi/download.php/38900/sksml-schema.zip >>>> >>>> >>>> >>>> >>>> Regards, >>>> Anil
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]