[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Signature Verification Output
Tony, I am sure there are a lot situations where the requestor wants to know what is the information actually signed by the signtature. What's the worth of a signature if I do not know what the signature is about? /Gregor > -----Original Message----- > From: Anthony Nadalin [mailto:drsecure@us.ibm.com] > Sent: Monday, March 31, 2003 10:40 PM > To: dss@lists.oasis-open.org > Subject: Re: [dss] Signature Verification Output [...] > Why isn't this a "validation service" ? In most cases the > "client" (should be requestor here) won't know what to do > with the transformed data, and other signature-related info. > How does this fit into signing/validating WS-Security headers ? [...] >> One big remaining question: does the verification service just: >> A) verify the signature (return true/false), or >> B) return the transformed data, and other signature-related >> info to the client in an easy-to-read form >> >> The current requirements document says the latter (3.7.2 and >> 3.7.3), but that's tentative. Should those sections stay in or not? >> >> Trevor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]