Subject: Re: AW: [dss-x] Verification Reports
Dear Detlef,

Regarding your second answer "No. The validity of the signing certificate should be reported (...)", I have a small question:

* Could it be that Frank actually wants to refer to the signing certificate, identified in his previous question? Then the answer could be (if I'm right):

  vr:VerificationReport/vr:IndividualReport/vr:SignedObjectIdentifier/vr:SignedProperties/vr:SignedSignatureProperties/xades:SigningCertificate

Something else: when I read your comment "The vr:IndividualCertificateReport-element is only meant to be used if a certificate is to be verified without a specific signature-related context.", I actually learned that there is a usage restriction: "... if a certificate is to be verified without a specific signature-related context"

I have two questions:

* How can a reader of this specification determine this constraint? (Should we add this information, at a certain moment, to the document or did I miss something?)
* What can we learn from this, regarding the interoperability specifications? It is very specific and important 'knowledge' about how the structures have to be used. Do you think there are more constraints (also regarding other elements)?

Regards,
Ernst Jan

On 11-10-2010 12:14, Huehnlein, Detlef wrote:
> Hello DSS-X-Team,
>
> as discussed in our last meeting, you will find a draft
> of an answer for Frank Cornelis below. As I will NOT be
> able to attend our meeting today, you may finally edit the answer
> and send it to Frank.
>
> Best regards,
> Detlef
>
> ------
>
> Dear Frank,
>
> thank you very much for your mail.
>
>> As part of an eID DSS implementation targeting the Belgian
>> eID card, available at:
>> http://code.google.com/p/eid-dss/
>> I've implemented OASIS DSS core and the VR profile. I'm
>> looking for feedback on this to be sure that I've interpreted
>> the VR profile correctly. A protocol run by example is
>> available as part of the eID DSS developer's guide at:
>>
>> http://eid-dss.googlecode.com/files/eid-dss-dev-guide-15-09-2010.pdf
>> under section "3. OASIS DSS Web Service". So here are my questions:
>> Is it OK to use
>> vr:VerificationReport/vr:IndividualReport/vr:SignedObjectIdentifier/vr:SignedProperties/vr:SignedSignatureProperties/xades:SigningTime
>> to uniquely identify the signature?
>
> Yes. Using the xades:SigningTime-property to identify the signature is usually
> a good idea, as using this element as identifier is very natural for human
> consumers of a verification report. However, if it cannot be guaranteed that
> the signing time alone is sufficient to provide uniqueness, it is advisable to
> also use additional identifiers to ensure unique identification of signatures.
>
>> Is it OK to use
>> vr:VerificationReport/vr:IndividualReport/vr:Details/vr:IndividualCertificateReport/vr:CertificateValue
>> to get the signing certificate?
>
> No. The validity of the signing certificate should be reported
> in the first vr:CertificateValidity-element within
> vr:DetailedSignatureReport/vr:CertificatePathValidity/vr:PathValidityDetail.
> The vr:IndividualCertificateReport-element is only meant to be used
> if a certificate is to be verified without a specific signature-related context.
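Added example, not part of the original thread and not code from the eID DSS project: a sketch of how a consumer of a verification report could apply the two answers quoted above, checking whether xades:SigningTime is unique across the individual reports and taking the signer from the first vr:CertificateValidity under vr:PathValidityDetail rather than from vr:IndividualCertificateReport. The namespace URIs, the placement of vr:DetailedSignatureReport under vr:Details, the vr:CertificateValue child of vr:CertificateValidity, the function name and the sample report are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Assumed namespace URIs for the DSS-X VR profile and XAdES v1.3.2.
NS = {"vr": "urn:oasis:names:tc:dss-x:1.0:profiles:verificationreport:schema#",
      "xades": "http://uri.etsi.org/01903/v1.3.2#"}
SIGNING_TIME = ("vr:SignedObjectIdentifier/vr:SignedProperties/"
                "vr:SignedSignatureProperties/xades:SigningTime")
# Assumption: vr:DetailedSignatureReport is carried inside vr:Details.
SIGNER_VALIDITY = ("vr:Details/vr:DetailedSignatureReport/vr:CertificatePathValidity/"
                   "vr:PathValidityDetail/vr:CertificateValidity")
STANDALONE = "vr:Details/vr:IndividualCertificateReport"

def summarize(report_xml):
    """One dict per vr:IndividualReport: identifier, uniqueness, signer certificate."""
    root = ET.fromstring(report_xml)
    reports = list(root.iter("{%s}IndividualReport" % NS["vr"]))
    times = [r.findtext(SIGNING_TIME, namespaces=NS) for r in reports]
    seen = Counter(times)
    out = []
    for rep, when in zip(reports, times):
        first = rep.find(SIGNER_VALIDITY, NS)  # first element in document order
        cert = None if first is None else first.findtext("vr:CertificateValue", namespaces=NS)
        out.append({
            "signing_time": when,
            # SigningTime alone identifies the signature only if no other report shares it.
            "signing_time_unique": when is not None and seen[when] == 1,
            "signer_cert_b64": cert,
            # True when the report carries only the context-free certificate report.
            "standalone_cert_report_only": first is None and rep.find(STANDALONE, NS) is not None,
        })
    return out

# Constructed, simplified sample (placeholder base64, not real certificates).
def _report(when, details):
    return ("<vr:IndividualReport><vr:SignedObjectIdentifier><vr:SignedProperties>"
            "<vr:SignedSignatureProperties><xades:SigningTime>%s</xades:SigningTime>"
            "</vr:SignedSignatureProperties></vr:SignedProperties></vr:SignedObjectIdentifier>"
            "<vr:Details>%s</vr:Details></vr:IndividualReport>" % (when, details))
_CV = "<vr:CertificateValidity><vr:CertificateValue>%s</vr:CertificateValue></vr:CertificateValidity>"
_PATH = ("<vr:DetailedSignatureReport><vr:CertificatePathValidity><vr:PathValidityDetail>"
         + _CV % "U0lHTkVS" + _CV % "Q0E="
         + "</vr:PathValidityDetail></vr:CertificatePathValidity></vr:DetailedSignatureReport>")
_LONE = ("<vr:IndividualCertificateReport><vr:CertificateValue>U0lHTkVS"
         "</vr:CertificateValue></vr:IndividualCertificateReport>")
SAMPLE = ('<vr:VerificationReport xmlns:vr="%s" xmlns:xades="%s">' % (NS["vr"], NS["xades"])
          + _report("2010-10-11T10:14:00Z", _PATH) + _report("2010-10-11T10:14:00Z", _LONE)
          + _report("2010-10-11T10:15:30Z", _PATH) + "</vr:VerificationReport>")
```

Calling `summarize(SAMPLE)` yields three rows: the first two share a signing time and so need an additional identifier, and the second carries only a vr:IndividualCertificateReport, so no signer certificate is taken from it.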