[IETF-PKIX] PKIX Operational protocols through WebCAP
Date: 17 Apr 98 10:44:57 -0700
From: Surendra Reddy <skreddy@us.oracle.com>
To: ietf-pkix@tandem.com
Cc: skreddy@us.oracle.com
Subject: PKIX - Operational Protocols through WebCAP
I have just completed a simple/HTTP based Certificate Access
Protocol with XML encoding to transport service requests and
responses. This protocol is completely HTTP based and extensible
through XML DTDs. I am sending this as an ID. I am glad to invite
authors of HTTP/FTP operational protocol and OCSP documents
to be co-authors of this document, so that we can converge on
various issues that had already been discussed and resolved.
Here is an Abstract of this protocol draft:
Web based Certificate Access Protocol
Surendra Reddy(skreddy@us.oracle.com)
Abstract
Web based Certificate Access Protocol is a set of extensions to HTTP/1.1
with service requests as XML document DTDs. The WebCAP protocol provides a
highly scalable and distributed architecture. Since HTTP is a widely deployed
protocol on the internet, deploying the PKI infrastructure on HTTP servers
through WebCAP extensions provides more flexibility: all internet users can
use it even if the site they belong to has a firewall against intruders.
WebCAP provides some useful facilities for PKI: information caching by both a
proxy server and client software, a secure transport layer service for
confidentiality, and flexible request forwarding which can be used in CA-to-CA
communication.
WebCAP protocol supports:
o registration - whereby a user establishes its identity to CA
prior to that CA issuing a certificate or certificates for
that user.
o initialization - initialization of necessary key materials
into the client system.
o certification - issues certificates to a user's public key and
returns that certificate to the client system
o revocation - performs certification revocation by authorized
users.
o queries - supports basic queries for certificate retrieval,
validation.
o cross certification - exchanges information between CAs to
establish cross certifications.
In HTTP/1.1, method parameter information was exclusively encoded in
HTTP headers. Unlike HTTP/1.1, WebCAP encodes method parameter
information either in an Extensible Markup Language (XML) [Bray,
Paoli, Sperberg-McQueen, 1998] request entity body, or in an HTTP
header. The use of XML to encode method parameters was motivated by
the ability to add extra XML elements to existing structures,
providing extensibility, and by XML's ability to encode information
in ISO 10646 character sets, providing internationalization support.
As a rule of thumb, parameters are encoded in XML entity bodies when
they have unbounded length, or when they may be shown to a human
user and hence require encoding in an ISO 10646 character set.
Otherwise, parameters are encoded within HTTP headers.
In addition to encoding method parameters, XML is used in WebCAP to
encode the responses from methods, providing the extensibility and
internationalization advantages of XML for method output, as well as
input.
The XML namespace extension is also used in this specification in order
to allow for new XML elements to be added without fear of colliding with
other element names.
.......................................................
Surendra K Reddy phone: +1(650) 506 5441
Development Manager mobile: +1(650) 867 4757
Internet Applications Division email(oracle): skreddy@us.oracle.com
Oracle Corporation email(inet) : Surendra.Reddy@skreddy.com
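As an added illustration of the encoding rule described in the abstract (example code, not from the draft or its author): parameters that are unbounded or shown to a human go into a UTF-8 XML entity body, the rest into HTTP headers, and the body is parsed namespace-aware so same-named foreign elements cannot collide. The namespace URI, the `X-WebCAP-` header prefix, the method and element names, and the sample parameter values are all constructed assumptions; the draft text here defines none of them.

```python
import xml.etree.ElementTree as ET

NS = "urn:example:webcap"   # assumed namespace URI; the draft text names none

# Constructed sample: name -> (value, bounded_length, shown_to_human)
SAMPLE_PARAMS = {
    "SerialNumber": ("1234", True, False),
    "Subject": ("CN=Zoë Müller,O=Example", True, True),
    "CertRequest": ("MIIB...placeholder-PKCS10-base64...", False, False),
}

def is_header_safe(value):
    """HTTP/1.1 header values are single-line and, in practice, limited to
    US-ASCII/ISO-8859-1, so ISO 10646 text cannot travel there unescaped."""
    return value.isascii() and value.isprintable()

def partition(params):
    """Apply the abstract's rule of thumb: unbounded or human-visible
    parameters go in the XML entity body, the rest in HTTP headers."""
    headers, body = {}, {}
    for name, (value, bounded, visible) in params.items():
        if bounded and not visible and is_header_safe(value):
            headers["X-WebCAP-" + name] = value   # header prefix is assumed
        else:
            body[name] = value
    return headers, body

def build_request(method, params):
    """Return (headers, xml_body) for a WebCAP-style method call."""
    headers, body = partition(params)
    root = ET.Element("{%s}%s" % (NS, method))
    for name, value in body.items():
        ET.SubElement(root, "{%s}%s" % (NS, name)).text = value
    xml_body = ET.tostring(root, encoding="utf-8", xml_declaration=True)
    headers["Content-Type"] = "text/xml; charset=utf-8"
    headers["Content-Length"] = str(len(xml_body))   # byte length, not chars
    return headers, xml_body

def parse_body(xml_body):
    """Namespace-aware parse: only elements in NS count as WebCAP parameters,
    so an identically named element from another vocabulary is ignored."""
    root = ET.fromstring(xml_body)
    params = {}
    for child in root:
        ns, _, local = child.tag.rpartition("}")
        if ns == "{" + NS:
            params[local] = child.text
    return params
```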