Subject: Another streamlining approach to the core
Hi all,

the last remaining big chunk of complexity in the core (imported from XMLDSig) is the KeySelector structure. So I took a look at the elements in detail and identified some of the tags as useless:

KeyValue: Structure outdated, as it is limited to DSA and RSA. Handing over the plain key to the server does not make that much sense to me, anyway.

RetrievalMethod: A way to reference a key included in the request at another point. Does not really make too much sense to me. In the worst case just copy the content.

PGPData: Are PGP keys relevant for DSS? If yes, we can transport KeyId or the Base64 content in the respective fields. A PGP-aware server will be able to handle it.

SPKIData: Is there any relevance of SPKI today?

MgmtData: use is 'not recommended' in the XMLDSig spec.

What's left are these five elements:

X509IssuerSerial: well established and dtmo in use widely.

X509SubjectName: quite common way to address a certificate.

X509SKI: well established and dtmo in use widely.

X509Certificate: a verbose way to select a certificate. And I cannot think of a use case where the server signs with a certificate it hadn't seen before. Maybe we can drop this one in favor of X509SKI.

KeyName: a generic fallback for any other way of identifying a key.

So maybe we can get away with something like this:

    <xs:complexType name="StreamlinedKeyInfoType">
      <xs:choice>
        <xs:element name="X509IssuerSerial">
          <!-- anonymous local type: an inline complexType carries no name attribute -->
          <xs:complexType mixed="false">
            <xs:sequence>
              <xs:element name="X509IssuerName" type="xs:string"/>
              <xs:element name="X509SerialNumber" type="xs:integer"/>
            </xs:sequence>
          </xs:complexType>
        </xs:element>
        <xs:element name="X509SubjectName" type="xs:string"/>
        <xs:element name="X509SKI" type="xs:base64Binary"/>
        <xs:element name="X509Certificate" type="xs:base64Binary"/>
        <xs:element name="KeyName" type="xs:string"/>
      </xs:choice>
    </xs:complexType>

What's your opinion?

Greetings,

Andreas

--
Andreas Kühne
phone: +49 177 293 24 97
mailto: kuehne@trustable.de

Trustable Ltd.
Niederlassung Deutschland
Gartenheimstr. 39C - 30659 Hannover
Amtsgericht Hannover HRB 212612
Director Andreas Kühne

Company UK
Company No: 5218868
Registered in England and Wales
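The following is an added example, not code from the mail or from the DSS TC, showing how a server might consume the proposed StreamlinedKeyInfoType: it enforces the xs:choice (exactly one selector child), rejects unknown child elements, checks that X509SerialNumber is an xs:integer and that X509SKI / X509Certificate are valid base64Binary, and returns a normalized selector the key store can look up. The namespace urn:example:dss-core-streamlined and the sample documents are constructed for the example; the mail names no namespace.

```python
import base64
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Optional

# Assumed target namespace for the proposal (the mail gives none).
NS = "urn:example:dss-core-streamlined"
ALLOWED = {"X509IssuerSerial", "X509SubjectName", "X509SKI", "X509Certificate", "KeyName"}
XS_INTEGER = re.compile(r"^[+-]?[0-9]+$")


@dataclass
class KeySelector:
    """Normalized key selector a server hands to its key store lookup."""
    kind: str                      # one of ALLOWED
    issuer: Optional[str] = None   # X509IssuerSerial only
    serial: Optional[int] = None   # X509IssuerSerial only
    value: Optional[object] = None # str for names, bytes for SKI / certificate


def _local(tag: str) -> str:
    """Strip the namespace part of an ElementTree tag."""
    return tag.rsplit("}", 1)[-1]


def _base64_binary(text: str) -> bytes:
    # xs:base64Binary permits whitespace between groups; strip it, then decode strictly.
    return base64.b64decode("".join(text.split()), validate=True)


def parse_key_info(xml_text: str) -> KeySelector:
    """Parse one StreamlinedKeyInfoType element, raising ValueError on anything
    the proposed schema would not accept."""
    root = ET.fromstring(xml_text)
    children = [c for c in root if isinstance(c.tag, str)]
    # xs:choice: exactly one selector, never zero, never two competing ones
    if len(children) != 1:
        raise ValueError(f"xs:choice requires exactly one selector element, got {len(children)}")
    child = children[0]
    name = _local(child.tag)
    if name not in ALLOWED:
        raise ValueError(f"unknown selector element {name!r}")

    if name == "X509IssuerSerial":
        issuer = child.find(f"{{{NS}}}X509IssuerName")
        serial = child.find(f"{{{NS}}}X509SerialNumber")
        if issuer is None or serial is None:
            raise ValueError("X509IssuerSerial needs X509IssuerName and X509SerialNumber")
        serial_text = (serial.text or "").strip()
        if not XS_INTEGER.match(serial_text):
            raise ValueError("X509SerialNumber must be an xs:integer")
        return KeySelector("X509IssuerSerial",
                           issuer=(issuer.text or "").strip(),
                           serial=int(serial_text))

    text = (child.text or "").strip()
    if not text:
        raise ValueError(f"{name} must not be empty")
    if name in ("X509SKI", "X509Certificate"):
        try:
            return KeySelector(name, value=_base64_binary(text))
        except ValueError:
            raise ValueError(f"{name} is not valid xs:base64Binary") from None
    return KeySelector(name, value=text)


def is_valid_key_info(xml_text: str) -> bool:
    """Convenience wrapper: True if the element parses under the proposed schema."""
    try:
        parse_key_info(xml_text)
        return True
    except ValueError:
        return False


# Constructed sample documents (not from the mail).
SAMPLE_ISSUER_SERIAL = f"""<KeyInfo xmlns="{NS}">
  <X509IssuerSerial>
    <X509IssuerName>CN=Example Issuer CA, O=Example</X509IssuerName>
    <X509SerialNumber>123456</X509SerialNumber>
  </X509IssuerSerial>
</KeyInfo>"""

SAMPLE_SKI = f'<KeyInfo xmlns="{NS}"><X509SKI>AQIDBA==</X509SKI></KeyInfo>'

# Two selectors at once: the xs:choice forbids this, and a server must not pick one silently.
SAMPLE_AMBIGUOUS = f"""<KeyInfo xmlns="{NS}">
  <KeyName>signing-key-1</KeyName>
  <X509SKI>AQIDBA==</X509SKI>
</KeyInfo>"""

if __name__ == "__main__":
    print(parse_key_info(SAMPLE_ISSUER_SERIAL))
    print(parse_key_info(SAMPLE_SKI))
    print("ambiguous accepted:", is_valid_key_info(SAMPLE_AMBIGUOUS))
```

The point of refusing an ambiguous element rather than taking the first child is that two selectors naming different keys give a requester a way to make the server sign with a key the policy layer never examined; failing closed keeps the selector the policy sees identical to the one the key store resolves.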