[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: Comments on oasis-dssx-1.0-profiles-sigpolicy-cd01 18 May 2009
Dear Denis, Thank you very much indeed for your comments. The DSS-X will process them. We hope to provide feedback likely after August. Best regards and again thank you for the comments. Juan Carlos. Denis Pinkas escribió: > From Denis Pinkas. Bull SAS. > > Please find herafter my comments on the following document: > http://docs.oasis-open.org/dss-x/profiles/sigpolicy/oasis-dssx-1.0-profiles-sigpolicy-cd01.pdf > > > Typo errors: > > 1) Typo error on line 227. Replace “SuppoertedSignaturePolicy” > by “SupportedSignaturePolicy” > > 2) Typo error on line 286: Replace: > “ 2.3.2.1.1.1 Optional Input “ with > “ 2.3.2.1.1.1 Optional Output “. > > The document allows adding new parameters to a SignRequest or to a VerifyRequest. > > There is however an issue with the VerifyRequest. > > Line 105. The document states: > “Request the verification of a signature under a certain signature policy, > if the signature does not contain an identifier of such policy, by using an identifier of that policy”. > > > The verifier should be allowed to verify a signature using a signature policy chosen by it, > even if the electronic signature contains an explicit signature policy. In other words, > the explicit signature policy, if present, shall be ignored. With the current approach, > it would be impossible to override an explicit signature policy. > > This general comment applies in several places. > > On line 105, in order to solve this issue, the end of the sentence should be deleted, > which means that the sentence should be replaced with: “Request the verification of a signature > under a given signature policy”. > > On line 107, the sentence should be replaced with: “Requesting signature verification > under the signature policy identified within the electronic signature, if any identifier is present there”. > > > On line 111, the sentence should be replaced with: “Requesting return of explicit indication of the signature policy > identified within the electronic signature, if any identifier is present there”. > > > On lines 239 to 243, the sentences should be replaced with: > > “This optional input allows to instruct the server to use certain signature policy for verifying all > (or selected) signatures. > > Signatures containing such an explicit indication MUST be verified using the signature policy mentioned > in this optional input specified in this section, regardless the contents of the electronic signature”. > > > On lines 273 to 275, there is a related issue with the “DefaultPolicy” > which should be renamed > “MandatorySignaturePolicy”. The sentences should be replaced with: > > “Optional element specifies a mandatory signature policy that the server shall use for verifying any found signature”. > The XML element definition should be changed accordingly. > > On lines 276 to 278, “ExplicitPolicies” > which should be renamed “MandatorySignaturePolicies”. > The sentences should be replaced with: > > “Optional element is a list of [signature, signature policy] pairs, each one instructing the server > to verify the referenced signature with the signature policy indicated in the pair. The server returns > a list of [signature, signature policy] pairs to indicate for each signature the explicit signature policy > that was present, if any”. > The XML element definition should be changed accordingly. > > On line 287, the sentence should be replaced with: > > This optional output shall only be returned by the server if the element is present in the VerifyRequest. > It will indicate the explicit signature policy, if any, associated with each electronic signature. > > > The element should be redefined as: > > <xs:element name="VerifiedUnderSignaturePolicy" > type="VerifiedUnderSignaturePolicyType"/> > > <xs:complexType name="VerifiedUnderSignaturePolicyType"> > > <xs:sequence> > > <xs:element ref="SignaturePolicy" minOccurs="0"/> > > <xs:element ref="SignatureIdentifier" minOccurs="0"/> > > </xs:sequence> > > </xs:complexType> > > > On lines 299, the sentence should be replaced by: > > « > Optional references the explicit signature policy, if any, that was associated with the referenced signature». > > > Lines 302 to 307 should probably be deleted. > > Denis
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]