Upload
jayden-mcconnell
View
213
Download
0
Embed Size (px)
Citation preview
XKMS Specifications
Phillip Hallam-Baker
Changes Since 1.1
• Cosmetic
• Significant
Cosmetic Changes
• Source is now in HTML– A C# program generates TOC, paragraph numbers etc
– Expect to extend this to automate linkage to schema
– Have removed all Word formatting artifacts
• Some remaining bugs:– Promote some H3 headings to H2 etc
– Generate Table of Figures
– Citation index etc.
Schema Changes
• Have adopted the SAML name conventions– All elements are of named type
• Element X has type XType
– All messages are derived from the MessageAbstractType
• Use this as a hook for the security enhancements– E.g. signature
Protocol Changes
• Register split into 4 separate components• Explicit description of processing steps
– Handling of pending requests
• Optional Represent mechanism – Defeat Request Replay attack
– DoS protection
• Added mechanism to prevent response replay• Added mechanism to prevent message substitution
Protocol Changes
• Changed RespondWith processing model • Added UseKeyWith
– Currently Protocol URI, Identifier URI
– Use an <any> element in manner of SAML?
• Use of QNames– Recommended in SAML by the XML gurus
– Should we use QNames or URIs?• Processing model – load on application
• Extension model of QNames – is it really thought through?
Issue: X-Bulk
• Should be possible to reduce X-Bulk spec– Most of the mechanisms described have been
adopted in the core spec
• Still useful to have a separate X-Bulk spec
Outstanding Work Items
• [I-Examples] The examples are worn out– Require fixing– Preferably synchronize with example script
• [I-PayloadHash] – For establishing correspondence of response to a
specific request.
• [I-SOAP] – Introduce section in the request/response section that
discusses the SOAP binding issues, in particular SOAP faults.
Outstanding Work Items (Cont.)
• [I-Passphrase] – Need to expand on passphrase handling
• Specify a processing model
• <others?>
Comments on text:
• ¶141 Must/Should language for TLS• ¶146 Precise specification of request digest
– In the XKMS layer or as XML Signature element?
• ¶238 Make Status an attribute?– Probably a few element to attribute transfers possible
• ¶261 UseKeyWith identifiers table• ¶263 Identifier field to an ANY element?
Comments on text (Cont.)
• ¶655 WSDL specification
• ¶several Example text to be regenerated
• ¶691 Legal text to be supplied