Subject: Re: [dss] Signature Gateway Profile
At 05:29 PM 11/1/2004 -0500, Glenn.Benson@chase.com wrote:
>The Signature Gateway Profile incorporates the concept of a requestor who
>sends a signed message to a DSS server. The DSS server validates the
>message and executes another signature. What would be the best ways to
>handle the following concepts?
>
>1. The signature created by the requestor has multiple purposes.

I thought the DSS "requester" didn't create the signature, but just intercepted and sent it to a DSS server? I.e.:
 - PSTP signature created by some party, sent to inline proxy
 - inline proxy sends signature to DSS server, receives back updated signature
 - inline proxy forwards updated signature to backend server

In this case the PSTP signature is separate from "requester authentication". The PSTP signature binds the signer to a document, requester authentication binds the requester to a request.

>One purpose is authentication; and another purpose is to protect the integrity
>of a document included within the request. How should the dual nature of
>the signature be referenced in DSS? Should we take advantage of the XML
>ref construct by explicitly referencing the same signature from the
>SupportingInfo of ClaimedIdentity/RequesterIdentity and the signature of
>the document?

I don't think you need to do that, since <ClaimedIdentity> pertains to the DSS requester's identity, which is separate from the signer's identity.

[...]

>3. The same request asks the DSS server to first verify a signature and
>then execute another signature. Is this a signature request or a
>verification request?

Verify, with <ReturnUpdatedSignature>.

Trevor