OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

dss-x message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Verification Reports


As part of an eID DSS implementation targeting the Belgian eID card, available at:
I've implemented OASIS DSS core and the VR profile. I'm looking for feedback on this to be sure that I've interpreted the VR profile correctly. A protocol run by example is available as part of the eID DSS developer's guide at:
under section "3. OASIS DSS Web Service". So here are my questions:
Is it OK to use vr:VerificationReport/vr:IndividualReport/vr:SignedObjectIdentifier/vr:SignedProperties/vr:SignedSignatureProperties/xades:SigningTime to uniquely identify the signature?
Is it OK to use vr:VerificationReport/vr:IndividualReport/vr:Details/vr:IndividualCertificateReport/vr:CertificateValue to get the signing certificate?

Besides the VR profile implementation, section 2 of the same developer's guide also highlights the implementation of an "eID DSS Browser POST Protocol" for the creation of eID based signatures that require interaction with the web browser of the end-user. What I would like to do is to define a similar Browser POST profile on top of the OASIS DSS core. So where to get started? I just do some implementation, document it and send it over for review?

Thanks in advance,

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]