XKMS Specifications
Phillip Hallam-Baker

Changes Since 1.1
• Cosmetic
• Significant

Cosmetic Changes
• Source is now in HTML
• A C# program generates TOC, paragraph numbers, etc.
• Expect to extend this to automate linkage to schema
• Have removed all Word formatting artifacts
• Some remaining bugs:
• Promote some H3 headings to H2, etc.
• Generate Table of Figures
• Citation index, etc.

Schema Changes
• Have adopted the SAML name conventions
• All elements are of named type
• Element X has type XType
• All messages are derived from the MessageAbstractType
• Use this as a hook for the security enhancements
• E.g. signature

Protocol Changes
• Register split into 4 separate components
• Explicit description of processing steps
• Handling of pending requests
• Optional Represent mechanism
• Defeat Request Replay attack
• DoS protection
• Added mechanism to prevent response replay
• Added mechanism to prevent message substitution

Protocol Changes
• Changed RespondWith processing model
• Added UseKeyWith
• Currently Protocol URI, Identifier URI
• Use an <any> element in manner of SAML?
• Use of QNames
• Recommended in SAML by the XML gurus
• Should we use QNames or URIs?
• Processing model – load on application
• Extension model of QNames – is it really thought through?

Issue: X-Bulk
• Should be possible to reduce X-Bulk spec
• Most of the mechanisms described have been adopted in the core spec
• Still useful to have a separate X-Bulk spec

Outstanding Work Items
• [I-Examples] The examples are worn out
• Require fixing
• Preferably synchronize with example script
• [I-PayloadHash]
• For establishing correspondence of response to a specific request.
• [I-SOAP]
• Introduce section in the request/response section that discusses the SOAP binding issues, in particular SOAP faults.

Outstanding Work Items (Cont.)
• [I-Passphrase]
• Need to expand on passphrase handling
• Specify a processing model
• <others?>

Comments on text:
• ¶141 Must/Should language for TLS
• ¶146 Precise specification of request digest
• In the XKMS layer or as XML Signature element?
• ¶238 Make Status an attribute?
• Probably a few element-to-attribute transfers possible
• ¶261 UseKeyWith identifiers table
• ¶263 Identifier field to an ANY element?

Comments on text (Cont.)
• ¶655 WSDL specification
• ¶several Example text to be regenerated
• ¶691 Legal text to be supplied