[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Additional certficate information
As a follow up to my comments during the last days and this morning. 1: Line 424 of the browser-sso-draft says: 'Other certificate information MAY be included in additional child elements of the <ds:X509Data> The restrictions of holder-of-key concerning the choice that can be selected in the X509DataType doesn't seem to prohibit to add arbitrary elements of the <any> choice. If my reading is correct, one can include for example the XER encoding of a certificate at that place simplifying the parsing of the certificate. Or a sequence of saml attributs 2; Line 447ff permit to use other information from the certificate for whatever other purpose. This can obviously by decoding the certificate, but IMO it is not prohibited to have additional elements in the X509Data prepared by the ID provider. 3: What is the reason for disallowing X509CRL ? (Not that I want them). TIA for any additional response. Peter
S/MIME Cryptographic Signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]