OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

dss-x message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: AW: [dss-x] Groups - Requirements for multi-signature comprehensive reports profile (2007-12-12-Proposal_oasis-dss-profile-for-comprehensive-signature-verification-report_v0.1.doc) uploaded


Hallo Juan Carlos,

I will briefly provide some feedback concerning your 
comments in the uploaded document below:

>OS1: The mention to "legal validity" could open all kind of discussions on what is required to attest this legal 
>validity. Taking into account that this may vary from one place to the other I would suppress the mention to legal 
>validity.  Could we find some alternative wording?

You are right, that the requirments for "legal validity" vary from
one country to another and hence we should not discuss this topic in
detail. Nevertheless the full individual verification report should be 
designed in a way, which covers all (known) requirements or at least 
is extensible such that it may comprise all necessary information to reach 
this goal. Furthermore I would not be surprised, if it would turn out 
that considering the European (and especially German) requirements 
would probably lead to a report, which may fulfill the requirements
of other countries as well. 

>OS2: I would use signed properties.... To differentiate from the signed data objects, 
>ie the data objects signed by the signature to be verified.

What I meant here is that it should be possible to verify the signed objects
(certificates, time stamps, CRLs, OCSP-responses), even if they do NOT appear
as signed property (within some signature) but as standalone object. But we may 
further discuss this requirement.
 
>OS3: Are you still talking of signed properties
No. I really meant signed objects (i.e. any object, which happens to be signed).

>OS4: As above, use signed property
We should probably briefly discuss this point in the next telco.

>OS5: To me this reads as the whole first part (section 2.1) and if so, 
>I would suggest to delete it.

Yes, I agree.

>OS6: I think that here we are overlapping with other profile. Could it be possible 
>to leave this out of the scope, but cross reference this other profile  and take a 
>look to what is going on in the signature policy profile?

Yes, we can reduce this requirement to a simple reference to the other profile.

>OS7: Again, here we are overlapping with another purported profile: the one that allows 
>to request verification and return of a signed response (but you made a good point, maybe 
>is required not only signed but signed and time-stamped responses). I would delete it or 
>just cross reference the relationship with this other profile.

Yes, again, we can reduce this requirement to a simple reference to the other profile.

BR,
  Detlef
> -----Ursprüngliche Nachricht-----
> Von: cruellas@ac.upc.edu [mailto:cruellas@ac.upc.edu] 
> Gesendet: Freitag, 4. Januar 2008 11:11
> An: dss-x@lists.oasis-open.org
> Betreff: [dss-x] Groups - Requirements for multi-signature 
> comprehensive reports profile 
> (2007-12-12-Proposal_oasis-dss-profile-for-comprehensive-signa
> ture-verification-report_v0.1.doc) uploaded
> 
> Dear all, please find at the URL the initial version of the 
> requirements document for the multi-signature comprehensive 
> report profile. Please, take into account that this is just 
> an initial version, containing revision marks and comments 
> that have to be further discussed.
> 
>  -- Juan Cruellas
> 
> The document named Requirements for multi-signature 
> comprehensive reports profile
> (2007-12-12-Proposal_oasis-dss-profile-for-comprehensive-signa
> ture-verification-report_v0.1.doc)
> has been submitted by Juan Cruellas to the OASIS Digital 
> Signature Services eXtended (DSS-X) TC document repository.
> 
> Document Description:
> 
> 
> View Document Details:
> http://www.oasis-open.org/apps/org/workgroup/dss-x/document.ph
> p?document_id=26710
> 
> Download Document:  
> http://www.oasis-open.org/apps/org/workgroup/dss-x/download.ph
> p/26710/2007-12-12-Proposal_oasis-dss-profile-for-comprehensiv
> e-signature-verification-report_v0.1.doc
> 
> 
> PLEASE NOTE:  If the above links do not work for you, your 
> email application may be breaking the link into two pieces.  
> You may be able to copy and paste the entire link address 
> into the address field of your web browser.
> 
> -OASIS Open Administration
> 


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]