Subject: RE: [wss] Issues and proposed edits to X509 'Whatever' document
X1-Support 1.
X2-Yes.

-----Original Message-----
From: Hallam-Baker, Phillip [mailto:pbaker@verisign.com]
Sent: Tuesday, November 26, 2002 10:48 AM
To: 'wss@lists.oasis-open.org'
Subject: [wss] Issues and proposed edits to X509 'Whatever' document

So far few changes due to complete lack of comments. I do not propose to cycle the draft until after the title vote result is announced.

Issue

[X1] Line 117
The XML Signature specification defines a <RetrievalMethod> element that may be used to specify the location of the certificate, this is particularly important in the case that the certificate is not packaged with the message at all and is instead referenced.

There is an overlap between the semantics of XML Signature <ds:RetrievalMethod> and wsse:SecurityTokenReference in that someone might use ds:RetrievalMethod to create a reference to the header.

We have the following options
1) Allow both methods, note that one is preferred
2) Prohibit RetrievalMethod element pointing to the message itself
3) Eliminate SecurityTokenReference and state that RetrievalMethod should be used.

I don't much like 2 as the distinction appears arbitrary to me, would we likewise prohibit a reference to a DIME attachment??? What is in the message anyhow?

If we do 1 we need wording.

[X2] Line 94
Should we add in options for other X.509/PKIX data structures? E.g. OCSP token, CRL, attribute certificate?

[X3] line 128 Section Authorization
Specify that Authorization information may be encapsulated in the X.509 distinguished name, extension fields or related attribute certificates

Edits

Lines 2, 3, 6, 170
Minor numbering edits

Line 73 Terminology
Add in description for
* Certificate
* Attribute Certificate
* OCSP Validity Token
* Certificate Revocation List
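The overlap described in issue X1, as an added example that is not part of the original thread or of the WSS draft: a small checker that lists every key reference under ds:KeyInfo, says which mechanism carries it and whether it points into the message, and flags what option 2 would prohibit. Assumptions: the wsse/wsu namespace URIs and the wsse:Reference child element come from the later WSS 1.0 standard rather than the 2002 draft, and the sample envelope and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted input, parse with a hardened parser (e.g. defusedxml)

DS = "http://www.w3.org/2000/09/xmldsig#"
# Assumption: namespaces from the later WSS 1.0 OASIS standard, not the 2002 draft.
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

# Constructed sample: one token referenced both ways, plus one external reference.
SAMPLE = f"""<Envelope xmlns:ds="{DS}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
 <wsse:Security>
  <wsse:BinarySecurityToken wsu:Id="cert1">CONSTRUCTED</wsse:BinarySecurityToken>
  <ds:KeyInfo><ds:RetrievalMethod URI="#cert1"/></ds:KeyInfo>
  <ds:KeyInfo><wsse:SecurityTokenReference>
    <wsse:Reference URI="#cert1"/></wsse:SecurityTokenReference></ds:KeyInfo>
  <ds:KeyInfo><ds:RetrievalMethod URI="https://ca.example/certs/42.cer"/></ds:KeyInfo>
 </wsse:Security>
</Envelope>"""

def classify_key_references(xml_text):
    """Return (mechanism, uri, scope) for every reference found under ds:KeyInfo."""
    root = ET.fromstring(xml_text)
    # IDs that a same-document fragment may resolve to (wsu:Id or plain Id).
    ids = {el.get(f"{{{WSU}}}Id") or el.get("Id") for el in root.iter()}
    ids.discard(None)
    found = []
    for key_info in root.iter(f"{{{DS}}}KeyInfo"):
        refs = [("ds:RetrievalMethod", r) for r in key_info.iter(f"{{{DS}}}RetrievalMethod")]
        for str_el in key_info.iter(f"{{{WSSE}}}SecurityTokenReference"):
            refs += [("wsse:SecurityTokenReference", r)
                     for r in str_el.iter(f"{{{WSSE}}}Reference")]
        for mechanism, ref in refs:
            uri = ref.get("URI", "")
            if uri == "" or uri.startswith("#"):
                # An empty URI means the whole document; a fragment must resolve to a known ID.
                scope = "in-message" if uri == "" or uri[1:] in ids else "dangling"
            else:
                scope = "external"
            found.append((mechanism, uri, scope))
    return found

def violates_option_2(xml_text):
    """Option 2 in the message: no ds:RetrievalMethod pointing into the message itself."""
    return [uri for mech, uri, scope in classify_key_references(xml_text)
            if mech == "ds:RetrievalMethod" and scope == "in-message"]

if __name__ == "__main__":
    for row in classify_key_references(SAMPLE):
        print(row)
```

In the sample, both mechanisms resolve to the same BinarySecurityToken, so a verifier that accepts both (option 1) has to treat them as equivalent ways of locating one certificate.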