[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: AW: [dss-x] Your views on Signed Verification Response profile requirements document
Dear Marta, I'm not sure, whether we all have a clear picture concerning the main use cases for the proposed signed (verification) responses yet. In a typical DSS-scenario (at least as I understood DSS so far) the client will (at the moment he uses DSS) not be able to generate or verify (the required type of) signatures, because otherwise he would not use DSS at all. Is the main use case for having signed (verification) responses to be able to PROVE AT A LATER POINT IN TIME that the specific server generated or verified the signature? ... Or is the main motivation to protect the TRANSMITTED DATA AT THE CURRENT TIME? In the first case one might want to include some sort of time stamp in the response and in the second case it might be interesting to use signatures, which are produced by the server using a shared secret. Maybe you could provide some more information about the use cases you have in mind? Best regards, Detlef > -----Ursprüngliche Nachricht----- > Von: Marta Cruellas [mailto:mcruellas@catcert.net] > Gesendet: Donnerstag, 8. November 2007 19:23 > An: Juan Carlos Cruellas > Cc: dss-x@lists.oasis-open.org > Betreff: RE: [dss-x] Your views on Signed Verification > Response profile requirements document > > Dear Juan Carlos, > > I have not read any comments on this profile... > > Anyway, if this first consolidated version of the > requirements document has to include just functional > requirements, we could produce it. In fact, it's a quite > simple profile from a functional point of view... > > But if it has also to include some technical requirements I > would very much appreciate some comments, especially about > which signature format seems to be more suitable for the > signature which has to be produced and included in a > <ResponseSignature> element. > > Or maybe, does this kind of technical requirements have to be > discussed while working on the profile itself? I'm sorry, but > I'm not familiar with the procedure :-) > > Thanks and regards, > Marta > > > > > -----Mensaje original----- > De: Juan Carlos Cruellas [mailto:cruellas@ac.upc.edu] Enviado > el: viernes, 02 de noviembre de 2007 18:06 > Para: dss-x@lists.oasis-open.org; Marta Cruellas > Asunto: [dss-x] Your views on Signed Verification Response > profile requirements document > > > Dear Marta, > > At the last conf call, we were uncertain on the current status of the > work on requirements for the Signed Verification Response > Profile. WOuld > you say that if you do not receive additional comments before > the next > meeting it could be possible to produce a first consolidated > version of > the requirements document and start working on the profile itself? > > Regards and thanks > > Juan Carlos. > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS > TC that generates this mail. You may a link to this group > and all your TCs in OASIS > at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgr > oups.php > > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. You may a link to this group and all > your TCs in OASIS > at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgr > oups.php > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]