70 likes | 166 Views
Keyprov PSKC Specification Draft version 05 Authors: P. Hoyer, M. Pei, S. Machani. 72 nd IETF meeting (July 27-August 1) Dublin, Ireland. Agenda. Status update Outstanding issues Next steps. Status Update: Changes since v4. Namespace change
E N D
Keyprov PSKC SpecificationDraft version 05Authors: P. Hoyer, M. Pei, S. Machani 72nd IETF meeting (July 27-August 1) Dublin, Ireland
Agenda • Status update • Outstanding issues • Next steps
Status Update: Changes since v4 • Namespace change "urn:ietf:params:xml:ns:keyprov:container:1.0" to “urn:ietf:params:xml:ns:keyprov:pskc:1.0" • Schema changes • KeyData type change • From name-value pair to strong type • Extensions type used • ID type: use xs:Id for element reference • Added optional Id element to the container • Changed KeyPropertiesType:KeyPropertiesId from type xs:String to xs:ID • Added optional PINPolicyId attribute of type xs:ID to PINPolicyType • Changed KeyType:KeyPropertiesId from type xs:string to be of type xs:IDREF • Additional attributes in PINPolicyType (e.g. MinLength)
Status Update: Changes since v4 • Naming changes • PINPolicyType: WrongPINtry to ‘MaxFailedAttempts’ • PINUsageMode ‘InAlgo’ to ‘Algorithmic’ • DeviceIdType to DeviceInfoType • ‘UserId’ to ‘User’ in DeviceType • Additions • Added stringDataType, intDataType, binaryDataType and longDataType element types with a choice of PlainValue and EncryptedValue sub-elements • Added the KeyContainer:KeyProperties element • Added ‘Append’ to PINUsageModeType for completeness • Additional algorithm URI definitions • Added OCRA URI to the spec and added an example • Added TOTP URI to the spec and added an example • Added RSA SecurID-AES-Counter algorithm definition • Added an optional UserID to the Key • Added an example of KeyProperties • Added description for added extension points
Status Update: Changes since v4 • Various cleanups • Spelling • Descriptions • Mandatory vs. optional • PINKeyId of PINPolicy, Usage of KeyType and Usage of KeyPropertiesType • Removed IANA section for XML tag registry
Outstanding Issues • Do we need some for of IANA registry to register the extensions to the format? • Issue about KeyId • Should it be defined of type “xs:Id” instead of “string”? • Proposal to change KeyId type to “xs:Id” and redefine it as an internal identifier within the container and add a new MANDATORY element /attribute (e.g. KeySerialNumber) of type “string” to uniquely identify the key externally (globally or within the boundaries of the authentication system) • Issue about Time KeyData • Should it be “dateTime” type instead of “int”? • Add optional algorithms for HMAC and encryption • Hmac-sha256, 384, and 512 • http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc, camellia192-cbc, camellia256-cbc
Next Steps • Review feedbacks and make final changes • Last call