XKMS Specifications - PowerPoint PPT Presentation

Provided by: phillipha
Learn more at: https://lists.w3.org
Transcript and Presenter's Notes

1
XKMS Specifications
  • Phillip Hallam-Baker

2
Changes Since 1.1
  • Cosmetic
  • Significant

3
Cosmetic Changes
  • Source is now in HTML
  • A C# program generates TOC, paragraph numbers etc.
  • Expect to extend this to automate linkage to
    schema
  • Have removed all Word formatting artifacts
  • Some remaining bugs
  • Promote some H3 headings to H2 etc
  • Generate Table of Figures
  • Citation index etc.

4
Schema Changes
  • Have adopted the SAML name conventions
  • All elements are of named type
  • Element X has type XType
  • All messages are derived from the
    MessageAbstractType
  • Use this as a hook for the security enhancements
  • E.g. signature

5
Protocol Changes
  • Register split into 4 separate components
  • Explicit description of processing steps
  • Handling of pending requests
  • Optional Represent mechanism
  • Defeat Request Replay attack
  • DoS protection
  • Added mechanism to prevent response replay
  • Added mechanism to prevent message substitution

6
Protocol Changes
  • Changed RespondWith processing model
  • Added UseKeyWith
  • Currently Protocol URI, Identifier URI
  • Use an <any> element in manner of SAML?
  • Use of QNames
  • Recommended in SAML by the XML gurus
  • Should we use QNames or URIs?
  • Processing model load on application
  • Extension model of QNames: is it really thought
    through?

7
Issue X-Bulk
  • Should be possible to reduce X-Bulk spec
  • Most of the mechanisms described have been
    adopted in the core spec
  • Still useful to have a separate X-Bulk spec

8
Outstanding Work Items
  • I-Examples: The examples are worn out
  • Require fixing
  • Preferably synchronize with example script
  • I-PayloadHash
  • For establishing correspondence of response to a
    specific request.
  • I-SOAP
  • Introduce section in the request/response section
    that discusses the SOAP binding issues, in
    particular SOAP faults.

9
Outstanding Work Items (Cont.)
  • I-Passphrase
  • Need to expand on passphrase handling
  • Specify a processing model
  • <others?>

10
Comments on text
  • 141 Must/Should language for TLS
  • 146 Precise specification of request digest
  • In the XKMS layer or as XML Signature element?
  • 238 Make Status an attribute?
  • Probably a few element to attribute transfers
    possible
  • 261 UseKeyWith identifiers table
  • 263 Identifier field to an ANY element?

11
Comments on text (Cont.)
  • 655 WSDL specification
  • several Example text to be regenerated
  • 691 Legal text to be supplied