[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Proposed reply for Inma's comment on multiple signatures verification
Dear all, I copy below a proposed reply, produced by Nick, for the
message sent by Inma Marin on multi signature verification case.
Regards
Juan Carlos
Proposed reply to message from Inma (see below)
Inma,
Thanks again for your comments.
We discussed this in the DSS TC and came to the conclusion that the
specifics of hanlding complex
multi-signature scenarios, such as you describe below, should be left
to profiling to define the specifics.
Please note that a complete set of our specifications ahev been
released as a committee draft for public review,
open to comments until 2nd Dember.
Do to our home page
(http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=dss) for
more details.
Nick Pope & Juan Carlos - chairs OASIS DSS.
Subject: About elements ReturnSignerIdentity and ReturnSigningTime in
DSS Core specification
From: Inma Marín López <inma@dif.um.es>
To: <dss-comment@lists.oasis-open.org>
Date: Fri, 8 Sep 2006 15:00:25 +0200
---------------------------------------------------------------------
-----------
Hello!
I have some questions regarding elements in DSS Core specification.
There
are two optional inputs in verification requests:
<ReturnSigningIdentity>
and <ReturnSigningTime> which ask for information about one
signature.
However, there are situations in which a client can send a
<VerificationRequest> including a XML enveloped signature which
includes two
nested signatures (that is, a XML enveloped signature over another
XML
enveloped signature created by another identity), for example:
<OuterDocument Id=”outer”>
…..
<InnerDocument Id=”inner”>
…..
<ds:Signature>
….
<ds:Reference URI=#inner>
…..
</ds:Signature>
</InnerDocument>
<ds:Signature>
….
<ds:Reference URI=#outer>
…..
</ds:Signature>
</OuterDocument>
Supposing that the client wants the service to verify both signatures
(the
request does not include the element <SignaturePtr> or includes it
but not
the attribute ‘XPath’) and wants to know, not only the result of the
verification but also the signer identity and the signing time of
both
signatures (or only of one of them) in a single step (one pair
VerificationRequest/VerificationResponse) ….. Could you be so kind as
to
tell me how the optional inputs <ReturnSignerIdentity> and
<ReturnSigningTime> should be, please? Should them include an
identifier for
the signatures we want to know the information about? And what about
optional outputs <SignerIdentity> and <SigningTime>?
Besides, I would like to know if you are considering the fact of
returning a
whole signing certificate in a VerificationResponse (instead of only
the
SignerIdentity), in case there are applications who desire it to get
information (apart from the identity) about the entity who signed a
document.
Thank you very much in advance.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]