'Re: [dss-x] Your views on Signed Verification Response profile requirements document

[Andreas Kuehne <kuehne@trustable.de>]

Hi Marta,

that' s a very interesting approach ! As you might know that the 'German 
Sig Profile' is targeting in the same direction :
Make a statement about the legal value of a signature / create a 
statement following a specific legal policy.

The major problem I see is the enumeration of all legal variants ( even 
if we restrict ourselves to the EU ) . Giving just a 
two-letter-country-code won't be sufficient.

If you ( or anyone else ) sees a possibility to somehow progress in that 
direction I'll be with you ...

Greetings

Andreas

----- Original Message ----
From: Marta Cruellas <mcruellas@catcert.net>
To: Andreas Kuehne <kuehne@trustable.de>
Cc: dss-x@lists.oasis-open.org
Sent: Monday, November 12, 2007 4:48:55 PM
Subject: RE: [dss-x] Your views on Signed Verification Response profile 
requirements document


Dear Andreas,

About this use case you suggested: sometime ago we defined a SAML
assertion ("SignatureStatement") which includes new elements used in 
support
of signature federations. Using these elements, the SAML asserting
authority grants a relying party that a valid signature has been 
produced
for a concrete purpose in a concrete jurisdiction, and proper evidence
has been produced and is archived.

Please, find attached the document describing this "SAML Signature
Statement".

Do you think it could be interesting to define a new
"SignatureStatment" DSS profile? We think so...

Best regards,
Marta


-----Mensaje original-----
De: Andreas Kuehne [mailto:kuehne@trustable.de]
Enviado el: domingo, 11 de noviembre de 2007 17:29
Para: Huehnlein, Detlef
CC: dss-x@lists.oasis-open.org
Asunto: Re: [dss-x] Your views on Signed Verification Response profile
requirements document


Hi  Detlef,

>  In a typical DSS-scenario (at least as I understood DSS so far) the
>  client will (at the moment he uses DSS) not be able to generate or
>  verify (the required type of) signatures, because otherwise he would
>  not use DSS at all.

I can think of an additional usecase :
The client knows how to verify a very limited set of signatures, bur
needs to proof a certain signature outside its scope. So the client
uses
a trusted DSS verification server to do the verification. E. g. it's
quite a hassle to be sure about the legal valie of a foreign signature
even within the EU. So a verification service with proven authentity of

the result seem useful to me.

Greetings

Andreas





___________________________________________________
Andreas Kühne
phone: +49 177 293 24 97
mailto: kuehne@trustable.de


Trustable Ltd.
Niederlassung Deutschland
Ströverstr. 18 - 59427 Unna
Amtsgericht Hamm HRB 5868

Directors
Andreas Kühne
Heiko Veit

Company UK
Company No: 5218868
Registered in England and Wales