[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Signature Verification Output
Tony,
I am sure there are a lot situations where the requestor wants to
know what is the information actually signed by the signtature.
What's the worth of a signature if I do not know what the signature
is about?
/Gregor
> -----Original Message-----
> From: Anthony Nadalin [mailto:drsecure@us.ibm.com]
> Sent: Monday, March 31, 2003 10:40 PM
> To: dss@lists.oasis-open.org
> Subject: Re: [dss] Signature Verification Output
[...]
> Why isn't this a "validation service" ? In most cases the
> "client" (should be requestor here) won't know what to do
> with the transformed data, and other signature-related info.
> How does this fit into signing/validating WS-Security headers ?
[...]
>> One big remaining question: does the verification service just:
>> A) verify the signature (return true/false), or
>> B) return the transformed data, and other signature-related
>> info to the client in an easy-to-read form
>>
>> The current requirements document says the latter (3.7.2 and
>> 3.7.3), but that's tentative. Should those sections stay in or not?
>>
>> Trevor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]