[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Public Comment
Comment from: veiko.sinivee@seb.se Dear sirs, My company has produced a similar webservice for digital signing. Unfortunately we started before this spec was published. Now after comparing our results with this spec I find the following differences. The spec handles only the case for creating digital signatures on a special server and not on the customers PC as in our case. This makes the spec unusable for us because we try to promote writing webapplications that allowe customers use smartcards for digital signatures. So the customers would have to sign the data on his own PC and a server cannot provide all of the functionality. Servers signature is only useful for a company issuing digitally signed documents but not for a private person wishing to confirm some document with his own digital signature. The signing process in our case has many steps. First the customers environment (operating system, browser type & version, availibility of Java etc.) is determined. Then a suitable signature component (ActiveX, Java applet etc.) is sent to the customers browser. Now all card readers and smartcards are searched. Customer can add info to be incorporated in a digital signature (e.g. <ClaimedRole> and/or <SignatureProductionPlace>) and customers certficate (possibly one of many) is sent to the server. Finally customer signs the hash of <SignedInfo> and signature is completed. Ok I recommend the following change to the spec: <xs:element name=”SignRequest”> ... <xs:element ref=”dss:InputDocuments” minOccurs="0"/> ... Thus element <InputDocuments> would no longer be required in <SignRequest>. This would enable us to send <SignRequest> -s with <OptionalInputs> for the customers signing environment negotioation phase. regards, Veiko Sinivee
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]