[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [ws-sx] Time to close the WS-SX TC?
Not pretty. I have seen the – what? – chaos in the Sig & Enc work and the lack of resolution. I still think that from a standards architectural perspective,
that these types of foundational aspects, such as symbols, should be delegated/inherited. That it doesn’t map, as you said, is what I’m pointing out, and the resolution is almost a refactoring rather than an addition, with the alternative being a never-closed
spec. From: Hal Lockhart [mailto:hal.lockhart@oracle.com]
I am specifically avoiding the issue of specifying what algorithms must be used or ought to be used. I just want to add symbols to make it possible to use these
and interoperate. To answer your question, in an ideal world W3C-Sec should define all the symbols, but they are not in Sig & Enc 1.1 and work on Sig & Enc 2.0 has stalled for
lack of prospective implementations. In any event, because WS-SP has chosen to structure the Algorithm Suite Property in a way which does not map directly to cryptographic algorithm identifiers,
we could not go directly from XML Enc & XML Sig to WS-SP directly even if W3C-Sec had defined these. Hal From: Carlo Milono [mailto:cmilono@tibco.com]
This brings up an issue of how to maintain (?) specs that have foundational roots in older technologies. Your example points to some newer primitives. There
will be even newer ones in the future. SHA-3? I think the wording of OASIS should be somewhat open-ended in a way to future-proof changes in the foundation. MD5 is no longer considered secure, and SHA-1 is not recommended – what about the Digest Password
in Username Token Profile? Eh… Some specs seem to mandate the ‘best of the day’, but don’t account for the ‘best’ dying at some future date. From:
ws-sx@lists.oasis-open.org [mailto:ws-sx@lists.oasis-open.org]
On Behalf Of Hal Lockhart Actually I have been intending to propose one new piece of business. I would like to produce a update to WS-SP to add new symbols for the following algorithms: ECC GCM (with AES) The composite sign/encrypt algorithms being defined in JOSE. I am sorry I have not had the time to make a formal proposal. What do others think? Hal From: Kelvin Lawrence [mailto:klawrenc@us.ibm.com]
Hi folks. We (the WS-SX TC members) have not had any business to discuss in a very long time and I have not seen any issues raised on the private or public lists.
My colleagues are reporting the same experience with the other WS-* TCs. I think perhaps it is now a safe time to declare the WS-SX TC has run its course. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]