[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Signature Gateway Profile
John,
Sorry for the delay in my response. Please see the following messages
which motivate the Signature Gateway Profile:
http://lists.oasis-open.org/archives/dss/200410/msg00029.html
http://lists.oasis-open.org/archives/dss/200410/msg00040.html
http://lists.oasis-open.org/archives/dss/200410/msg00069.html
With respect to my three questions below, Trevor helped me with some
answers:
1. The incoming signature binds a signer to document; and the requester
signature binds a requester to a request. So, we can disregard the
question of the "dual" nature of the signature.
2,3. The request should be a VerifyRequest because it allows for a
verification of an existing signature combined with a request for a new
signature. We may use <ReturnUpdatedSignature>
Thanks,
Glenn
John Messing
<jmessing@law-on- To: Glenn.Benson@chase.com
line.com> cc:
Subject: [FWD: RE: [dss] Signature Gateway Profile]
11/03/2004 07:22
PM
Dear Glenn:
I posted this question to the list and received no answer. I am posing
it to you again. I believe as a voting member of the TC representing
the American Bar Association I am not out of line in asking it.
I would appreciate a response at your earliest convenience.
Thank you.
> -------- Original Message --------
> Subject: RE: [dss] Signature Gateway Profile
> From: "John Messing" <jmessing@law-on-line.com>
> Date: Mon, November 01, 2004 5:52 pm
> To: Glenn.Benson@chase.com
> Cc: dss@lists.oasis-open.org
>
> Where is this useful?
>
> > -------- Original Message --------
> > Subject: [dss] Signature Gateway Profile
> > From: Glenn.Benson@chase.com
> > Date: Mon, November 01, 2004 3:29 pm
> > To: dss@lists.oasis-open.org
> >
> > The Signature Gateway Profile incorporates the concept of a requestor
who
> > sends a signed message to a DSS server. The DSS server validates the
> > message and executes another signature. What would be the best ways to
> > handle the following concepts?
> >
> > 1. The signature created by the requestor has multiple purposes. One
> > purpose is authentication; and another purpose is to protect the
integrity
> > of a document included within the request. How should the dual nature
of
> > the signature be referenced in DSS? Should we take advantage of the
XML
> > ref construct by explicitly referencing the same signature from the
> > SupportingInfo of ClaimedIdentity/RequesterIdentity and the signature
of
> > the document?
> > 2. Which is the best construct for referencing the signature of the
> > document?
> > 3. The same request asks the DSS server to first verify a signature
and
> > then execute another signature. Is this a signature request or a
> > verification request?
> >
> >
> >
> >
> >
> >
> > To unsubscribe from this mailing list (and be removed from the roster
of the OASIS TC), go to
http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_workgroup.php
.
>
>
> To unsubscribe from this mailing list (and be removed from the roster of
the OASIS TC), go to
http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_workgroup.php
.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]