
dss-x message


Subject: ACTION#0017: launching discussion on signature policy profile.

Dear all,

Just these few lines for launching discussions on requirements for the 
profile on signature policy:

The goal of such an abstract profile is to incorporate mechanisms that 
allow a global management of the
signature policy concept both in the generation and in the verification 

Below follow some initial ideas of features that the profile could 
incorporate. Could we discuss it in order to amend, improve and get a 
more complete list of requirements for this profile?

1. SignRequest-SignResponse.


- (Mandatory) The profile should be able to explicitly request the 
generation of a signature under a certain policy,
  and indicate which one.

- The user should also be able to request to the server that the 
signature incorporates the explicit identifier
  of the signature (within an AdES signature, then)

- Any other feature?


- Apart from the signature itself, the server could return indication of 
the policy under which
  it has generated the signature.

- Also some code error in case the server may not sign with the required 
sig pol: and maybe in this
  case some indication of the sig pols that it supports.
  This last point brings the issue whether it would be worth to have a 
kind of query protocol by which
  a client could ask the server what sign pols it supports or if it 
supports a specific one without building
  a complete sign request... and thinking further, would it be 
convenient to define a general query protocol by which
  clients could get info from what the server may offer them before 
asking for the service itself?

- Any other?

2. VerifyRequest-VerifyResponse

Apart from the query issue (i.e., ask if a server may verify signatures under a 
certain sig pol, or ask
which sig pols it supports), an initial list follows:


- Client should be able to instruct the server to verify signatures 
under certain sig pol if the signatures
do not explicitly indicate it.

- Also instruct the server to strictly use the sig pol explicitly 
indicated in the signature if any.

- Client should be able to request to the server that it returns 
explicit information of the signature policy under which
it has verified the signature.

- Any other?


- Indication of the sig pol under which the signature has been verified.

- Also some code error in case server does not support a certain sig 
pol. Optionally list of supported sig pols. Same
comments on query protocol as before.

- Any other?


Juan Carlos.
