[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Representing requestor's identity
John, Is it not possible for two parties to agree in a contract, such as an EDI interchange agreement, to adopt the rules for creation and validation of signatures as specified in a signature policy for subsequent exchanges. Nick > -----Original Message----- > From: jmessing [mailto:jmessing@law-on-line.com] > Sent: 30 April 2003 13:47 > To: dss@lists.oasis-open.org > Subject: RE: [dss] Representing requestor's identity > > > I don't believe the subject properly falls within signature policy. > > "If no signature policy is identified then the signature may be > assumed to have been generated/verified without any policy > constraints, and hence may be given no specific legal or > contractual significance through the context of a signature policy." > > The common law doctrines of apparent and express authority do not > fit this notion of a signature policy. Other semantics are > required to prevent, for example, a rogue corporate signature > created by an unauthorized individual as a matter of law and not > signature policy binding a corporation to a transaction against its will. > > Without it, a corporate signature DSS could become a legal Frankenstein. > > ---------- Original Message ---------------------------------- > From: Trevor Perrin <trevp@trevp.net> > Date: Wed, 30 Apr 2003 00:34:10 -0700 > > >At 11:07 PM 4/29/2003 -0400, jmessing wrote: > > > >> > > >> >This sounds less like signed attributes the signer would add to a > >> >particular signature, and more like policies, validity > intervals, and name > >> >constraints a CA would add to the DSS Server's certificate. > >> > >>I disagree. It relates to a trust relationship expressed between a > >>requestor and the DSS. It has nothing to do with the DSS certificate. > > > >okay. This sounds like a signature policy then - you'd want to > include a > >SignaturePolicyIdentifer (like in XAdES 5.2.3) as a signed > attribute that > >clarifies the semantics of the signature - in this case, it > would clarify > >the relationship between the signer and requestor. We decided not to > >commit ourselves to particular representations of signature > policies like > >XAdES, but this sort of additional attribute is allowed under > 3.2.3 of the > >requirements. Is that sufficient? > > > >http://www.w3.org/TR/XAdES/#Syntax_for_XAdES_The_SignaturePolicyI dentifier_element > >Trevor > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]