ebxml-tp message



Subject: comments on cppml,v0.1.dtd


All,

I would like to hear some opinions on the following comment
I have regarding the initial draft DTD for our CPP/CPA.

The original tpaML,v1.0.6 offered a Certificate
element which was composed of (basically) the same
elements as have been defined thus far for our CPP.
I only reorganized things such that a set of Certificates
could be organized/collected within a Party element (formerly 
Participants/Member). 

The issue/comment that I have is that the certificate
contains no means which I can determine to actually
identify the certificate itself. Would we be better
served to leverage the work of the (now CR) XMLDSig WG
and use the KeyInfo element they have defined?

http://www.w3.org/TR/2000/CR-xmldsig-core-20001031/#sec-KeyInfo

e.g.
<KeyInfo>
  <X509Data> <!-- two pointers to certificate-A -->
    <X509IssuerSerial> 
      <X509IssuerName>CN=TAMURA Kent, OU=TRL, O=IBM, 
                  L=Yamato-shi, ST=Kanagawa, C=JP</X509IssuerName>
      <X509SerialNumber>12345678</X509SerialNumber>
    </X509IssuerSerial>
    <X509SKI>31d97bd7</X509SKI> 
  </X509Data>
  <X509Data> <!-- single pointer to certificate-B -->
      <X509SubjectName>Subject of Certificate B</X509SubjectName>
  </X509Data> 
  <X509Data><!-- certificate chain -->
              <!--Signer cert, issuer CN=arbolCA,OU=FVT,O=IBM,C=US, serial 4-->
    <X509Certificate>MIICXTCCA..</X509Certificate>
    <!-- Intermediate cert subject CN=arbolCA,OU=FVT,O=IBM,C=US 
                   issuer CN=tootiseCA,OU=FVT,O=Bridgepoint,C=US -->
    <X509Certificate>MIICPzCCA...</X509Certificate>
    <!-- Root cert subject CN=tootiseCA,OU=FVT,O=Bridgepoint,C=US -->
    <X509Certificate>MIICSTCCA...</X509Certificate>
  </X509Data>
</KeyInfo>

It would seem to me that this would be a logical choice
for us as it would (potentially) ease implementation
use of this particular feature, especially once XMLDSig becomes
more commonly used.

I see no real benefit at this stage for ebXML to define
its own XML vocabulary for describing a certificate.

Comments?

Thanks!

Chris
Christopher Ferris
Sr. Staff Engineer
Sun Microsystems, Inc; XTC Advanced Development
chris.ferris@east.sun.com
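
Added example, not part of the original message: a sketch of how a receiver could use the X509Data pointers from the KeyInfo example above to pick one certificate out of a set it already trusts. The store layout, field names and function names are assumptions made for the illustration, and the SKI is compared as an opaque string.

```python
import xml.etree.ElementTree as ET
# Constructed sample modelled on the message's example; the store is hypothetical.
KEYINFO = """<KeyInfo>
  <X509Data>
    <X509IssuerSerial>
      <X509IssuerName>CN=TAMURA Kent, OU=TRL, O=IBM,
                  L=Yamato-shi, ST=Kanagawa, C=JP</X509IssuerName>
      <X509SerialNumber>12345678</X509SerialNumber></X509IssuerSerial>
    <X509SKI>31d97bd7</X509SKI></X509Data>
  <X509Data><X509SubjectName>Subject of Certificate B</X509SubjectName></X509Data>
  <X509Data><X509SKI>00000000</X509SKI></X509Data>
</KeyInfo>"""
STORE = [  # certificates the receiver already trusts (constructed records)
    {"id": "cert-A", "serial": 12345678, "ski": "31d97bd7", "subject": "CN=Party A",
     "issuer": "CN=TAMURA Kent,OU=TRL,O=IBM,L=Yamato-shi,ST=Kanagawa,C=JP"},
    {"id": "cert-B", "serial": 7, "ski": "aabbccdd", "issuer": "CN=Some CA",
     "subject": "Subject of Certificate B"},
]

def norm_dn(dn):  # collapse whitespace; naive about escaped commas
    return ",".join(" ".join(p.split()) for p in dn.split(","))

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # ignore an XML namespace if present

def pointers(x509data):
    """Yield (field, value) for each certificate identifier in one X509Data."""
    for el in x509data:
        if local(el) == "X509IssuerSerial":
            f = {local(e): e.text for e in el}
            yield "issuer", norm_dn(f["X509IssuerName"])
            yield "serial", int(f["X509SerialNumber"])
        elif local(el) == "X509SKI":
            yield "ski", el.text.strip()
        elif local(el) == "X509SubjectName":
            yield "subject", norm_dn(el.text)

def resolve(keyinfo_xml, store):
    """Per child of KeyInfo: id of the one stored cert matching every pointer, else None."""
    out = []
    for data in ET.fromstring(keyinfo_xml):
        want = dict(pointers(data))
        hits = [c["id"] for c in store if want and all(
            (norm_dn(c[k]) if k in ("issuer", "subject") else c[k]) == v
            for k, v in want.items())]
        out.append(hits[0] if len(hits) == 1 else None)
    return out

if __name__ == "__main__": print(resolve(KEYINFO, STORE))
```

An X509Data whose pointers do not all agree on a single stored certificate resolves to None rather than to a best guess.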

