Subject: ACTION#0017: launching discussion on signature policy profile.
Dear all,

Just these few lines for launching discussions on requirements for the profile on signature policy:

The goal of such an abstract profile is to incorporate mechanisms that allow a global management of the signature policy concept both in the generation and in the verification time.

Below follow some initial ideas of features that the profile could incorporate. Could we discuss it in order to amend, improve and get a more complete list of requirements for this profile?:

1. SignRequest-SignResponse.

REQUEST:
- (Mandatory) The profile should be able to explicitly request the generation of a signature under a certain policy, and indicate which one.
- The user should also be able to request to the server that the signature incorporates the explicit identifier of the signature (within an AdES signature, then)
- Any other feature?

RESPONSE:
- Apart from the signature itself, the server could return indication of the policy under which it has generated the signature.
- Also some code error in case the server may not sign with the required sig pol: and maybe in this case some indication of the sig pols that it supports.
  This last point brings the issue whether it would be worth to have a kind of query protocol by which a client could ask the server what sign pols it supports or if it supports a specific one without building a complete sign request... and thinking further, would it be convenient to define general query protocol by which clients could get info from what the server may offer them before asking for the service itself?
- Any other?

2. VerifyRequest-VerifyResponse

Apart from the query issue (i.e., ask if a server may verify signatures under a certain sig pol, or ask which sig pols it supports), an initial list follows:

REQUEST:
- Client should be able to instruct the server to verify signatures under certain sig pol if the signatures do not explicitly indicate it.
- Also instruct the server to strictly use the sig pol explicitly indicated in the signature if any.
- Client should be able to request to the server that it returns explicit information of the signature policy under which it has verified the signature.
- Any other?

RESPONSE:
- Indication of the sig pol under which the signature has been verified.
- Also some code error in case server does not support a certain sig pol. Optionally list of supported sig pols. Same comments on query protocol as before.
- Any other?

Regards

Juan Carlos.
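The VerifyRequest/VerifyResponse requirements listed in the message, as an added Python example that is not part of the original message or of any profile text: it shows how a server could choose the policy for one verification and when it answers with an error plus its supported policies. The function name, parameter names, status codes, policy identifiers and the precedence rule (the signature's own policy wins when supported; only non-strict requests may fall back to the client's policy) are assumptions made for illustration.

```python
from typing import Optional

# Constructed policy identifiers, for illustration only.
SUPPORTED = ("urn:example:sigpol:basic", "urn:example:sigpol:qualified")


def resolve_verify_policy(sig_policy: Optional[str],
                          client_policy: Optional[str] = None,
                          strict: bool = False,
                          report_policy: bool = False,
                          supported=SUPPORTED) -> dict:
    """Pick the policy for one verification, or build an error response.

    sig_policy    -- policy explicitly indicated in the signature, if any
    client_policy -- policy the client asks for when the signature has none
    strict        -- client insists on the signature's own policy, if any
    report_policy -- client wants the applied policy named in the response
    """
    def error(code: str, requested: Optional[str]) -> dict:
        # Error code plus the optional list of supported policies.
        return {"status": code, "requested": requested,
                "supported": list(supported)}

    if sig_policy is not None:
        if sig_policy in supported:
            chosen = sig_policy
        elif strict or client_policy is None:
            # Strict mode never substitutes a different policy, so a
            # signature cannot be silently checked under weaker rules.
            return error("unsupported_policy", sig_policy)
        else:
            # Assumption: a non-strict request may fall back to the
            # client's policy when the signature's one is unsupported.
            chosen = client_policy
    elif client_policy is not None:
        chosen = client_policy
    else:
        return error("no_policy_indicated", None)

    if chosen not in supported:
        return error("unsupported_policy", chosen)

    response = {"status": "ok"}
    if report_policy:
        response["policy"] = chosen  # policy actually used to verify
    return response
```
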