[caops-wg] Re: Grid OCSP proposal

Mike Helm helm at fionn.es.net
Tue Mar 15 20:04:45 CST 2005


> Response may be something relatively difficult to standardize. But on the
> other hand, we would like to point out that such a mechanism has been defined
> in the RFC2560 with the aim to convey additional information on assertions
> made by the responder.
> What we find is that even though such a generic mechanism has already been
> proposed in the standard, the document lacks suggestions about which uses
> can be given to the extensions in order to suggest directions or services
> that could improve the validation process.


The minutes should be up soon, but just a few quick comments before GGF
shuts down & I lose net access.  

OCSP defined the idea of extensions, but this wasn't really
developed.  There was an OCSP v2 proposed ... I think it lost 
out (but may exist in some form, by the author; that's the only
reason why I say "think" rather than "definitely did").

Instead, IETF PKIX focused on SCVP as a mechanism for advanced
info about certs, PKI, and resolving cert issues.

W3C settled on XKMS, based on their mechanisms, as a refactoring
of PKI in general, and also in the "space" of advanced certificate
validation/discovery / &c services.

OCSP would be an internal service of one or both of these services.

So, it seems to me, we should probably not look to OCSP for interesting 
extensions, but to one of these other protocols/standards.  XKMS would
probably fit in better with Globus' web services software development.

Thanks, ==mwh
Michael Helm
ESnet/LBNL




