Subject: Comments on oasis-dssx-1.0-profiles-sigpolicy-cd01 18 May 2009
From Denis Pinkas. Bull SAS.
Please find hereafter my comments on the following document: http://docs.oasis-open.org/dss-x/profiles/sigpolicy/oasis-dssx-1.0-profiles-sigpolicy-cd01.pdf
Typo errors:

1) Typo error on line 227. Replace “SuppoertedSignaturePolicy” by “SupportedSignaturePolicy”

2) Typo error on line 286: Replace: “ 2.3.2.1.1.1 Optional Input “ 2.3.2.1.1.1 Optional Output

The document allows adding new parameters to a SignRequest or to a VerifyRequest. There is however an issue with the VerifyRequest.

Line 105. The document states: “Request the verification of a signature under a certain signature policy, if the signature does not contain an identifier of such policy, by using an identifier of that policy”.

The verifier should be allowed to verify a signature using a signature policy chosen by it, even if the electronic signature contains an explicit signature policy. In other words, the explicit signature policy, if present, shall be ignored. With the current approach, it would be impossible to override an explicit signature policy. This general comment applies in several places.

On line 105, in order to solve this issue, the end of the sentence should be deleted, which means that the sentence should be replaced with: “Request the verification of a signature under a given signature policy”.

On line 107, the sentence should be replaced with: “Requesting signature verification under the signature policy identified within the electronic signature, if any identifier is present there”.

On line 111, the sentence should be replaced with: “Requesting return of explicit indication of the signature policy identified within the electronic signature, if any identifier is present there”.

On lines 239 to 243, the sentences should be replaced with: “This optional input allows to instruct the server to use certain signature policy for verifying all (or selected) signatures. Signatures containing such an explicit indication MUST be verified using the signature policy mentioned in this optional input specified in this section, regardless the contents of the electronic signature”.

On lines 273 to 275, there is a related issue with the “DefaultPolicy” which should be renamed “MandatorySignaturePolicy”. The sentences should be replaced with: “Optional element

The XML element definition should be changed accordingly.

On lines 276 to 278, “ExplicitPolicies” should be renamed “MandatorySignaturePolicies”. The sentences should be replaced with: “Optional element to verify the referenced signature with the signature policy indicated in the pair. The server returns a list of [signature, signature policy] pairs to indicate for each signature the explicit signature policy that was present, if any”.

The XML element definition should be changed accordingly.

On line 287, the sentence should be replaced with: This optional output shall only be returned by the server if the It will indicate the explicit signature policy, if any, associated with each electronic signature.

The element should be redefined as:

    <xs:element name="VerifiedUnderSignaturePolicy" type="VerifiedUnderSignaturePolicyType"/>
    <xs:complexType name="VerifiedUnderSignaturePolicyType">
      <xs:sequence>
        <xs:element ref="SignaturePolicy" minOccurs="0"/>
        <xs:element ref="SignatureIdentifier" minOccurs="0"/>
      </xs:sequence>
    </xs:complexType>

On line 299, the sentence should be replaced by: « Optional

Lines 302 to 307 should probably be deleted.

Denis