OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

dss-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [dss-comment] About elements ReturnSignerIdentity and ReturnSigningTime in DSS Core specification


Thanks again for your comments.  Sincere apologies for the delay in

We discussed this in the DSS TC and came to the conclusion that the
specifics of handling complex multi-signature scenarios, such as you
describe below, should be left to profiling to define the specifics.

Please note that a complete set of our specifications they been released
for public review, open to comments until 2nd December.
Go to our home page
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=dss) for more


Nick Pope

> -----Original Message-----
> From: Inma Marín López [mailto:inma@dif.um.es]
> Sent: 08 September 2006 14:00
> To: dss-comment@lists.oasis-open.org
> Subject: [dss-comment] About elements ReturnSignerIdentity and
> ReturnSigningTime in DSS Core specification
> Hello!
> I have some questions regarding elements in DSS Core specification. There
> are two optional inputs in verification requests: <ReturnSigningIdentity>
> and <ReturnSigningTime> which ask for information about one signature.
> However, there are situations in which a client can send a
> <VerificationRequest> including a XML enveloped signature which includes
> two
> nested signatures (that is, a XML enveloped signature over another XML
> enveloped signature created by another identity), for example:
> <OuterDocument Id=”outer”>
>   …..
>   <InnerDocument Id=”inner”>
>      …..
>      <ds:Signature>
>        ….
>          <ds:Reference URI=#inner>
>        …..
>      </ds:Signature>
>    </InnerDocument>
>     <ds:Signature>
>        ….
>          <ds:Reference URI=#outer>
>        …..
>     </ds:Signature>
> </OuterDocument>
> Supposing that the client wants the service to verify both signatures (the
> request does not include the element <SignaturePtr> or includes it but not
> the attribute ‘XPath’) and wants to know, not only the result of the
> verification but also the signer identity and the signing time of both
> signatures (or only of one of them) in a single step (one pair
> VerificationRequest/VerificationResponse) ….. Could you be so kind as to
> tell me how the optional inputs <ReturnSignerIdentity> and
> <ReturnSigningTime> should be, please? Should them include an identifier
> for
> the signatures we want to know the information about? And what about
> optional outputs <SignerIdentity> and <SigningTime>?
> Besides, I would like to know if you are considering the fact of returning
> a
> whole signing certificate in a VerificationResponse (instead of only the
> SignerIdentity), in case there are applications who desire it  to get
> information (apart from the identity) about the entity who signed a
> document.
> Thank you very much in advance.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]