xri-editors message


Subject: RE: [xri-editors] Trusted Resolution


On Tue, 2004-11-16 at 17:54, Dave McAlpin wrote:
> a] I've certainly encountered cases where I wished I had client
> authentication on resolution requests, but I've avoided because DNS
> doesn't have that concept and authentication in general is a can of
> worms. I'd be interested in reading a draft.
> 

consider the draft in progress then ;-)

> b] I don't know enough to comment about HTTP headers, but I'll ask for
> internal opinions at Epok and get back to you.
> 
ok

> c] I don't follow. How does this differ from the current proposal,
> where
> XRIAuthority contains an optional ds:KeyInfo element to convey the
> signing key of the next authority?

Sounds like i missed something in my review of the schema.  so long as
one can associate, unambiguously, a signing ds:KeyInfo key with its
XRIAuthority, i'm fine with that.

on a related note (inspired by some liberty work), if we choose to
consider XMLEncryption (which SAML2.0 will) for encrypting portions of
attribute statements, then we will need to allow something like this
(shamefully reproduced from Lib-Metadata):

<xs:element name="XRIDKeyInfo" type="keyDescriptorType"/>
<xs:complexType name="keyDescriptorType">
    <xs:sequence>
        <xs:element minOccurs="0" name="EncryptionMethod"
            type="xs:anyURI"/>
        <xs:element minOccurs="0" name="KeySize" type="xs:integer"/>
        <xs:element minOccurs="0" ref="ds:KeyInfo"/>
        <xs:element minOccurs="0" ref="Extension"/>
    </xs:sequence>
    <!-- "use" is required: every key is declared for encryption or for signing -->
    <xs:attribute name="use" type="keyTypes" use="required"/>
</xs:complexType>
<xs:simpleType name="keyTypes">
    <xs:restriction base="xs:string">
        <xs:enumeration value="encryption"/>
        <xs:enumeration value="signing"/>
    </xs:restriction>
</xs:simpleType>

something to think about... i tend to prefer document level security,
when we can apply it.
--- peterd
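As an added example (not code from the thread or from any XRI specification), the following shows how a resolver or relying party could consume XRIDKeyInfo descriptors shaped like the keyDescriptorType above: it treats `use` as required and restricted to the keyTypes enumeration, insists that each descriptor carries a ds:KeyInfo, and refuses to pick a key when two descriptors claim the same use, which is the "unambiguous association" point raised above. The instance layout (XRIDKeyInfo in no namespace, the sample key names) is assumed for illustration.

```python
"""Pick signing vs. encryption keys from XRIDKeyInfo descriptors (added example)."""
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"   # standard XML Signature namespace
ALLOWED_USES = {"encryption", "signing"}        # mirrors the keyTypes enumeration

# Constructed sample authority document; XRIDKeyInfo is assumed to be unqualified.
SAMPLE = """<Authority xmlns:ds="%s">
  <XRIDKeyInfo use="signing">
    <ds:KeyInfo><ds:KeyName>sign-key-1</ds:KeyName></ds:KeyInfo>
  </XRIDKeyInfo>
  <XRIDKeyInfo use="encryption">
    <EncryptionMethod>http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</EncryptionMethod>
    <KeySize>2048</KeySize>
    <ds:KeyInfo><ds:KeyName>enc-key-1</ds:KeyName></ds:KeyInfo>
  </XRIDKeyInfo>
</Authority>""" % DS_NS


class KeyDescriptorError(ValueError):
    """Raised when a descriptor violates the schema constraints or is ambiguous."""


def load_key_descriptors(xml_text):
    """Return {use: ds:KeyInfo element} for the authority document.

    Rejects a missing or unknown 'use', a descriptor without ds:KeyInfo, and two
    descriptors claiming the same use (a verifier could not choose between them).
    """
    root = ET.fromstring(xml_text)
    keys = {}
    for desc in root.findall("XRIDKeyInfo"):
        use = desc.get("use")
        if use not in ALLOWED_USES:
            raise KeyDescriptorError("use must be one of %s, got %r" % (sorted(ALLOWED_USES), use))
        key_info = desc.find("{%s}KeyInfo" % DS_NS)
        if key_info is None:
            raise KeyDescriptorError("descriptor for %s carries no ds:KeyInfo" % use)
        if use in keys:
            raise KeyDescriptorError("more than one %s key: choice is ambiguous" % use)
        keys[use] = key_info
    return keys


def signing_key_name(xml_text):
    """Name of the key a verifier must use for signatures, never the encryption key."""
    key_info = load_key_descriptors(xml_text)["signing"]
    return key_info.findtext("{%s}KeyName" % DS_NS)
```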