OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

dss-x-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Local signatures: DSS/XML => JSON alternatives

Dear List,
There was recently a discussion about signatures in LinkedIn (Electronic / Digital Signature in the EU).

Andreas Kühne thought that I should post my comments to the DSS-X list as well and here they are :-)

I understand that you wanted to keep the DSS standard as unchanged as possible, right?

I have not bothered about existing standards so in my take on local signatures the SignatureRequest provides the entire document while the SignatureResponse *minimally* only holds the associated signed digest:

Another thing which I consider crucial is the ability to "filter out" keys that the RP isn't interested in. This is also a part of a"companion" authentication solution I'm working on:

You do several references to SIM-cards and ISO 7816. Personally I don't think any of the ETSI standards for SSCD will get far in mobile devices; tablets do for example not even come with SIM-cards generally. The following developments looks quite promising:

Unfortunately Europe is pretty disconnected from this after the sad demise of Nokia.

Lately I have rewritten all my stuff to use JSON as well, not because it is better, but due to fact that Android doesn't come with XSD support and I guess it never will.  Anyway, the resulting code became comparable while the library got 2 MB shorter (dropped XERCES) so I don't regret this change although it was a bit hard.

Since XMLDSig doesn't have a direct JSON counterpart, I also designed such a thing:

Anders Rundgren

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]