Keyprov PSKC Specification
Draft version 05
Authors: P. Hoyer, M. Pei, S. Machani
72nd IETF meeting (July 27-August 1), Dublin, Ireland

Agenda
• Status update
• Outstanding issues
• Next steps
Status Update: Changes since v4
• Namespace change: "urn:ietf:params:xml:ns:keyprov:container:1.0" to "urn:ietf:params:xml:ns:keyprov:pskc:1.0"
• Schema changes
  • KeyData type change
    • From name-value pair to strongly typed elements
    • Extensions type used
  • ID type: use xs:ID for element references
    • Added optional Id element to the container
    • Changed KeyPropertiesType:KeyPropertiesId from type xs:string to xs:ID
    • Added optional PINPolicyId attribute of type xs:ID to PINPolicyType
    • Changed KeyType:KeyPropertiesId from type xs:string to xs:IDREF (a reference to the KeyProperties it uses)
  • Additional attributes in PINPolicyType (e.g. MinLength)

Status Update: Changes since v4
• Naming changes
  • PINPolicyType: 'WrongPINtry' to 'MaxFailedAttempts'
  • PINUsageMode: 'InAlgo' to 'Algorithmic'
  • DeviceIdType to DeviceInfoType
  • 'UserId' to 'User' in DeviceType
• Additions
  • Added stringDataType, intDataType, binaryDataType and longDataType element types, each with a choice of PlainValue and EncryptedValue sub-elements
  • Added the KeyContainer:KeyProperties element
  • Added 'Append' to PINUsageModeType for completeness
  • Additional algorithm URI definitions
    • Added OCRA URI to the spec and added an example
    • Added TOTP URI to the spec and added an example
    • Added RSA SecurID-AES-Counter algorithm definition
  • Added an optional UserID to the Key
  • Added an example of KeyProperties
  • Added descriptions for the added extension points

Status Update: Changes since v4
• Various cleanups
  • Spelling
  • Descriptions
  • Mandatory vs. optional: PINKeyId of PINPolicy, Usage of KeyType and Usage of KeyPropertiesType
• Removed IANA section for XML tag registry
Outstanding Issues
• Do we need some form of IANA registry to register extensions to the format?
• Issue about KeyId
  • Should it be defined as type xs:ID instead of xs:string?
  • Proposal: change KeyId to type xs:ID and redefine it as an internal identifier within the container, and add a new MANDATORY element/attribute (e.g. KeySerialNumber) of type xs:string to uniquely identify the key externally (globally or within the boundaries of the authentication system)
• Issue about Time KeyData
  • Should it be of type dateTime instead of int?
• Add optional algorithms for HMAC and encryption
  • hmac-sha256, hmac-sha384 and hmac-sha512
  • http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc, camellia192-cbc, camellia256-cbc
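The schema changes above (xs:ID/xs:IDREF linking of Key and KeyProperties, the PlainValue/EncryptedValue choice) and the open KeyId question are easiest to see with a concrete container. The script below is an added illustration, not code from the draft or its authors: it runs the referential-integrity checks a PSKC consumer would need over a constructed container in the v05 namespace. Element and attribute names (KeyContainer, KeyProperties, Key, PINPolicy, KeyId, KeyPropertiesId, PINPolicyId, Data, Secret, Counter) follow the slides, but their nesting and the set of data elements are assumptions made for the example. It also shows why the proposed split between an internal KeyId and an external KeySerialNumber matters: xs:ID values share one document-wide namespace and must be NCNames, so a token serial number such as "0123456789" cannot be used directly as an xs:ID.

```python
"""Referential-integrity checks for a PSKC-style key container (constructed example).

Assumptions (not from the draft): element nesting, which attributes are xs:ID vs
xs:IDREF, and the list of data elements that must carry exactly one of
PlainValue / EncryptedValue. The xs:ID lexical check is an ASCII simplification
of NCName.
"""
import re
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:keyprov:pskc:1.0"   # namespace from the v05 draft

# (element, attribute) pairs typed xs:ID (assumed placement of the slide's ID types)
ID_ATTRS = {("KeyContainer", "Id"), ("Key", "KeyId"),
            ("KeyProperties", "KeyPropertiesId"), ("PINPolicy", "PINPolicyId")}
# (element, attribute) pairs typed xs:IDREF; KeyType:KeyPropertiesId per the slide
IDREF_ATTRS = {("Key", "KeyPropertiesId")}
# Data elements that carry a PlainValue/EncryptedValue choice (assumed names)
DATA_ELEMENTS = {"Secret", "Counter", "Time"}
NCNAME = re.compile(r"^[A-Za-z_][A-Za-z0-9._-]*$")  # simplified NCName


def local(tag):
    """Strip the {namespace} prefix ElementTree puts on element tags."""
    return tag.split("}", 1)[1] if "}" in tag else tag


def check_container(xml_text):
    """Return a list of problems (empty list means the container is consistent)."""
    root = ET.fromstring(xml_text)       # constructed, trusted input; use defusedxml for untrusted
    if root.tag != f"{{{NS}}}KeyContainer":
        return [f"root is {root.tag!r}, expected KeyContainer in {NS}"]
    problems, ids, refs = [], {}, []
    for el in root.iter():
        name = local(el.tag)
        for attr, value in el.attrib.items():
            if (name, attr) in ID_ATTRS:
                if not NCNAME.match(value):
                    problems.append(f"{name}/@{attr}={value!r} is not a valid xs:ID (NCName)")
                elif value in ids:   # xs:ID values share one document-wide space
                    problems.append(f"duplicate xs:ID {value!r} on {name} (already on {ids[value]})")
                else:
                    ids[value] = name
            elif (name, attr) in IDREF_ATTRS:
                refs.append((name, attr, value))
        if name in DATA_ELEMENTS:
            kinds = {local(c.tag) for c in el} & {"PlainValue", "EncryptedValue"}
            if len(kinds) == 2:
                problems.append(f"{name} carries both PlainValue and EncryptedValue")
            elif not kinds:
                problems.append(f"{name} carries neither PlainValue nor EncryptedValue")
    for name, attr, value in refs:   # IDREFs are resolved after all IDs are collected
        if value not in ids:
            problems.append(f"dangling xs:IDREF {name}/@{attr}={value!r}")
    return problems


# Constructed container: internal NCName ids, one IDREF that resolves.
GOOD = f"""<KeyContainer xmlns="{NS}" Id="container1">
  <KeyProperties KeyPropertiesId="props1">
    <PINPolicy PINPolicyId="pin1" MinLength="4" MaxFailedAttempts="3" PINUsageMode="Algorithmic"/>
  </KeyProperties>
  <Key KeyId="key1" KeyPropertiesId="props1">
    <Data>
      <Secret><PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=</PlainValue></Secret>
      <Counter><PlainValue>0</PlainValue></Counter>
    </Data>
  </Key>
</KeyContainer>"""

# Constructed container with every class of defect: a serial number used as KeyId,
# an Id colliding with a KeyPropertiesId, a dangling IDREF and a double-valued Secret.
BAD = f"""<KeyContainer xmlns="{NS}" Id="props1">
  <KeyProperties KeyPropertiesId="props1"/>
  <Key KeyId="0123456789" KeyPropertiesId="props2">
    <Data>
      <Secret><PlainValue>AAAA</PlainValue><EncryptedValue>BBBB</EncryptedValue></Secret>
    </Data>
  </Key>
</KeyContainer>"""

if __name__ == "__main__":
    for label, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_container(doc) or "ok")
```

The "BAD" run reports four independent findings; the first two are exactly the cases the KeyId proposal addresses: a serial number fails the NCName rule, and an xs:ID collides with any other xs:ID in the document, not only with other KeyIds. Keeping the externally meaningful identifier in a separate string-typed element avoids both.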
Next Steps
• Review feedback and make final changes
• Last call