

Subject: RE: [wss] Issues and proposed edits to X509 'Whatever' document


I think that there are two separate issues here.

First, the types of semantic blobs that can be attached; second, whether
it is valuable to transcode those blobs.

The problem is that signed blobs tend to be hard to transcode. I do
not believe in relying on ASN.1 DER encoding. So unless the object is
created in XML and signed in XML (as in XCBF), the value of exposing the
inner data as XML is somewhat limited, since most recipients would have
to re-encode the data in ASN.1 DER to check the signature.

I agree, however, that it would be very useful to transcode from X.509
attribute certificates to an XML-friendly form; however, I would suggest
SAML or the like as being the appropriate technology.

	Phill

> -----Original Message-----
> From: Phillip H. Griffin [mailto:phil.griffin@asn-1.com]
> Sent: Tuesday, November 26, 2002 1:08 PM
> To: Hallam-Baker, Phillip
> Cc: 'wss@lists.oasis-open.org'
> Subject: Re: [wss] Issues and proposed edits to X509 'Whatever' document
> 
> 
> Phill,
> 
> 
> Hallam-Baker, Phillip wrote:
> 
> >So far few changes due to complete lack of comments. I do not propose to
> >cycle the draft until after the title vote result is announced.
> >
> >Issue 
> >  
> >
> snip
> 
> >[X2] Line 94
> >	Should we add in options for other X.509/PKIX data structures?
> >	E.g. OCSP token, CRL, attribute certificate?
> >
> >  
> >
> Take a look at the post Monica made recently for an XCBFSecurityToken.
> ASN.1 encoded objects are not only binary. They can be presented as
> either binary or XML.
> 
> Considering the earlier discussions surrounding PKCS #7 types, I believe
> that the best approach would be to have not a binary token, but an ASN.1
> (or perhaps for the benefit of the likes of Kerberos) or "Foreign" token
> that could carry Base64 armored binary objects or ASN.1 objects encoded
> as in XCBF using the XML Encoding Rules.
> 
> This approach, if properly generalized (not without limit), would
> eliminate the need for more and more WSS or private token formats.
> 
> Phil
> 
> 
> 

Attachment: smime.p7s
Description: application/pkcs7-signature
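
Added illustration, not part of the original message or of any WSS draft: the reply's point that a signature made over DER bytes cannot be checked from an XML rendering without re-encoding to exactly those bytes. The two-field Token structure, the XML element names and the sample values are constructed for this example, and a SHA-256 digest stands in for the signed value.

```python
import hashlib
import xml.etree.ElementTree as ET

def der_len(n):
    # DER requires the shortest possible length encoding.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def der_int(v):
    # Non-negative INTEGER in minimal two's-complement form.
    return der_tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def token_body(serial, holder):
    return der_int(serial) + der_tlv(0x0C, holder.encode("utf-8"))

def der_token(serial, holder):
    # Hypothetical structure: SEQUENCE { INTEGER serial, UTF8String holder }
    return der_tlv(0x30, token_body(serial, holder))

def ber_token(serial, holder):
    # Same values, valid BER but not DER: long-form length on the SEQUENCE.
    body = token_body(serial, holder)
    return bytes([0x30, 0x81, len(body)]) + body

def to_xml(serial, holder):
    root = ET.Element("Token")
    ET.SubElement(root, "serial").text = str(serial)
    ET.SubElement(root, "holder").text = holder
    return ET.tostring(root)

def from_xml(xml_bytes):
    root = ET.fromstring(xml_bytes)
    return int(root.findtext("serial")), root.findtext("holder")

def digest(data):
    # Stand-in for the value a signature algorithm would cover.
    return hashlib.sha256(data).digest()

def verify_from_xml(xml_bytes, signed_digest):
    # A recipient holding only the XML must rebuild the exact signed bytes.
    return digest(der_token(*from_xml(xml_bytes))) == signed_digest

SIGNED = digest(der_token(4097, "alice"))  # constructed sample values
XML_FORM = to_xml(4097, "alice")
```

Verification from the XML form succeeds only because the recipient's encoder reproduces the signer's DER byte for byte; the BER variant carries the same values and still yields a different digest.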


