[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Signature Gateway Profile
John, Sorry for the delay in my response. Please see the following messages which motivate the Signature Gateway Profile: http://lists.oasis-open.org/archives/dss/200410/msg00029.html http://lists.oasis-open.org/archives/dss/200410/msg00040.html http://lists.oasis-open.org/archives/dss/200410/msg00069.html With respect to my three questions below, Trevor helped me with some answers: 1. The incoming signature binds a signer to document; and the requester signature binds a requester to a request. So, we can disregard the question of the "dual" nature of the signature. 2,3. The request should be a VerifyRequest because it allows for a verification of an existing signature combined with a request for a new signature. We may use <ReturnUpdatedSignature> Thanks, Glenn John Messing <jmessing@law-on- To: Glenn.Benson@chase.com line.com> cc: Subject: [FWD: RE: [dss] Signature Gateway Profile] 11/03/2004 07:22 PM Dear Glenn: I posted this question to the list and received no answer. I am posing it to you again. I believe as a voting member of the TC representing the American Bar Association I am not out of line in asking it. I would appreciate a response at your earliest convenience. Thank you. > -------- Original Message -------- > Subject: RE: [dss] Signature Gateway Profile > From: "John Messing" <jmessing@law-on-line.com> > Date: Mon, November 01, 2004 5:52 pm > To: Glenn.Benson@chase.com > Cc: dss@lists.oasis-open.org > > Where is this useful? > > > -------- Original Message -------- > > Subject: [dss] Signature Gateway Profile > > From: Glenn.Benson@chase.com > > Date: Mon, November 01, 2004 3:29 pm > > To: dss@lists.oasis-open.org > > > > The Signature Gateway Profile incorporates the concept of a requestor who > > sends a signed message to a DSS server. The DSS server validates the > > message and executes another signature. What would be the best ways to > > handle the following concepts? > > > > 1. The signature created by the requestor has multiple purposes. One > > purpose is authentication; and another purpose is to protect the integrity > > of a document included within the request. How should the dual nature of > > the signature be referenced in DSS? Should we take advantage of the XML > > ref construct by explicitly referencing the same signature from the > > SupportingInfo of ClaimedIdentity/RequesterIdentity and the signature of > > the document? > > 2. Which is the best construct for referencing the signature of the > > document? > > 3. The same request asks the DSS server to first verify a signature and > > then execute another signature. Is this a signature request or a > > verification request? > > > > > > > > > > > > > > To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_workgroup.php . > > > To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_workgroup.php .
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]