[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] JPMorgan/RSA message
Glenn, I'm still trying to figure what parts of your technology overlap with DSS, and how they'd fit into profiles. It seems there's 3 pieces: 1) An authentication technology (PSTP) for authenticating clients to signature servers. This could be an "abstract profile" of DSS, profiling the <ClaimedIdentity> optional input to carry a PSTP signature (abstract profiles can be combined with other profiles; see Paul Madsen's profile integration doc: http://www.oasis-open.org/apps/org/workgroup/dss/download.php/6175/profile-integration-01.doc). 2) The concept of an inline Signature Gateway. It's not clear how this fits with DSS. Are DSS <SignRequest> messages sent inline as well? Or does the inline server call a DSS server? 3) A way of augmenting a signature (adding a MAC counter-signature). This is more a profile of the signature format than of the DSS protocol, but could make sense in DSS, if it's a DSS server doing the augmenting. If this is a good breakdown, I'm curious which pieces you're interested in standardizing through DSS, and how you'd want to factor things (i.e., would pieces be reusable apart from the whole)? Trevor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]