[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Signature Gateway Profile
The Signature Gateway Profile incorporates the concept of a requestor who sends a signed message to a DSS server. The DSS server validates the message and executes another signature. What would be the best ways to handle the following concepts? 1. The signature created by the requestor has multiple purposes. One purpose is authentication; and another purpose is to protect the integrity of a document included within the request. How should the dual nature of the signature be referenced in DSS? Should we take advantage of the XML ref construct by explicitly referencing the same signature from the SupportingInfo of ClaimedIdentity/RequesterIdentity and the signature of the document? 2. Which is the best construct for referencing the signature of the document? 3. The same request asks the DSS server to first verify a signature and then execute another signature. Is this a signature request or a verification request?
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]