OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: The XML Security Gap (was Re: XML Encryption Working Draft)


>>>>> "HL" == Hal Lockhart <hal.lockhart@entegrity.com> writes:

    HL> Considering that the current proposals do not even cover
    HL> signatures, which we surely want, [...]

This brings up a good point: the current core architecture proposals
have little or no mention of digital signatures. I've always thought
of this as part of the definition of assertions and messages, but Phil
remarked during the F2F that he considered it a bindings issue.

It appears that XML signatures are falling into the gap between
assertions and messages on one side, and bindings on the other. We can
probably debate until the cows come home whether use of XML Security*
is a "binding", part of "core", or something else entirely.

How can we address this? 

I suggest that maybe we should commission YASC (Yet Another
Sub-Committee) to defray the effort of doing this work. I think there
-is- some work that needs to be done.

~ESP

* I realize that this is a confusing term, but it seems to be the one
  used by the W3C for the aggregate of XML Signature and XML
  Encryption, so I'm borrowing it here. If it helps, I can send out a
  sed script that subs the string "XML Signature and XML Encryption"
  for "XML Security" to interested parties.

-- 
Evan Prodromou, Senior Architect        eprodromou@securant.com
Securant Technologies, Inc.             415-856-9551



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC