OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

dss-x message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [dss-x] Usage of ETSI Electronic Signatures Portal for DSS protocol interop event

Hi Juan Carlos,

> As agreed in our last call, I have sketched some few slides that may
> serve us for discussing how to use the ETSI portal for
> interoperability events on DSS protocol...
thanks for outlining the two major approaches!

Keeping with the XAdES-proven repository model would take advantage of
the infrastructure already in place and the participants can work
asynchronously. But the downside of this model is that the repository
would contain the two halves of the DSS call, a request and a response.
This would require a client taking part in the InterOp to be able to
process a response that he did _not_ initiated. And the server would
create a response to probably the same request any times.

So the problems with the repository approach are:
- In contrast to XAdES we deal with two distinct groups of participants:
clients and servers.
- In contrast to XAdES we deal with two distinct data objects: requests
and responses.
- The responses are expected to be processed (and thereby validated) by
a client that did NOT initiated the request.
- The dynamic aspects of the DSS protocol will get lost (e.g. uniqueness
of the request id). That would especially affect the tests of the
asynchronous protocol.

In the 'router' scenario you outlined that one client request will be
routed to a set of servers. I see the same problems here like the ones
mentioned above: A client is expecting a single response for a single
request. It is usually not capable of handling of bunch of responses.
And again the test of asynchronous protocol would be impossible.

So I would change the flow here to have a one-to-one relationship
between request and response. The clients must make a call for each and
every available server. This is a bit tricky, as the clients may not be
aware of the current set of servers. Moreover the 'router' is not aware
of the final outcome of the call.

Approach 'Repository of servers and outcomes'
A possible solution could be a additional interface for the client to
retrieve the list of servers and to feed back the outcome of the call to
the InterOp infrastructure. So the central part boils down to a
repository of servers and outcomes. Routing through a central instance
could be an option, but is not required. The direct connection between
client and server without the router could enable the testing of the DSS
protocol while using transport layer security or special transports like
Message Queues. This way the overall solution is like the the XAdES
scenario and not too much change is required on the portal side.

See an outline of this solution in the slides attached ...



Andreas Kühne 
phone: +49 177 293 24 97 
mailto: kuehne@trustable.de

Trustable Ltd. Niederlassung Deutschland Ströverstr. 18 - 59427 Unna Amtsgericht Hamm HRB 5868

Directors Andreas Kühne, Heiko Veit

Company UK Company No: 5218868 Registered in England and Wales 

Attachment: ETSIPortalForInterOp.ppt
Description: MS-Powerpoint presentation

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]