wss message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: [wss] ISSUE: Core - clarify Key Identifier?
- From: Peter Dapkus <pdapkus@bea.com>
- To: Web Services Security <wss@lists.oasis-open.org>
- Date: Wed, 05 Mar 2003 21:27:55 -0800
The specification is vague on the topic of Key Identifiers. As someone who's exposure to key identifiers has been through the spec only, I have a very hard time understanding why I should implement them and what I would do with them if I did. The Core spec leaves a number of key questions unanswered.
- What is the benefit of this over other forms of reference (i.e. KeyInfo)?
- Are they Key Identifiers or Token Identifiers? How are they different from KeyInfo's SKI? If they're really token Identifiers, we could avoid the overlap from X.509 by changing the name. I saw one suggestion that they would be hashes of certificates, which suggests they're token identifiers.
- Where are the contents of Key Identifiers defined? I see from the mailing list, that there was discussion of defining them in the profiles, but it doesn't say that in the spec anywhere.
- If these are defined in the profiles, what is the Key Identifier for X509 certs? it's missing from the profile.
- Relative to whom is the key identifier specified? the sender or the receiver? Or are these supposed to be absolute? If they are absolute, what is the foundation? Maybe this is in the profile?
cheers,
-Pete
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]