OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

dss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [dss] Signature Verification Output

Tony,

Agreed. This is exactly what I said in my reply to Trevor's
question. The requester should determine whether he wants to
get back the signed-data information or not.  

/Gregor

> -----Original Message-----
> From: Anthony Nadalin [mailto:drsecure@us.ibm.com] 
> Sent: Tuesday, April 01, 2003 3:02 PM
> To: dss@lists.oasis-open.org
> Subject: RE: [dss] Signature Verification Output 
> 
> 
> 
> 
> 
> 
> The key here is MAY want to return information, as some 
> clients may not be able to process the information and can't 
> handle passing any information back
> 
> Anthony Nadalin | work 512.436.9568 | cell 512.289.4122
> 
> 
> |---------+---------------------------->
> |         |           "Gregor          |
> |         |           Karlinger"       |
> |         |           <gregor.karlinger|
> |         |           @cio.gv.at>      |
> |         |                            |
> |         |           04/01/2003 12:49 |
> |         |           AM               |
> |---------+---------------------------->
>   
> >-------------------------------------------------------------
> --------------------------------------------------------------
> -------------------|
>   |                                                           
>                                                               
>                      |
>   |       To:       Anthony Nadalin/Austin/IBM@IBMUS          
>                                                               
>                      |
>   |       cc:       <dss@lists.oasis-open.org>                
>                                                               
>                      |
>   |       Subject:  RE: [dss] Signature Verification Output   
>                                                               
>                      |
>   
> >-------------------------------------------------------------
> --------------------------------------------------------------
> -------------------|
> 
> 
> 
> 
> Tony,
> 
> I am sure there are a lot situations where the requestor 
> wants to know what is the information actually signed by the 
> signtature.
> 
> What's the worth of a signature if I do not know what the 
> signature is about?
> 
> /Gregor
> 
> > -----Original Message-----
> > From: Anthony Nadalin [mailto:drsecure@us.ibm.com]
> > Sent: Monday, March 31, 2003 10:40 PM
> > To: dss@lists.oasis-open.org
> > Subject: Re: [dss] Signature Verification Output
> 
> [...]
> 
> > Why isn't this a "validation service" ? In most cases the "client" 
> > (should be requestor here) won't know what to do with the 
> transformed 
> > data, and other signature-related info. How does this fit into 
> > signing/validating WS-Security headers ?
> 
> [...]
> 
> >> One big remaining question: does the verification service just:
> >> A) verify the signature (return true/false), or
> >> B) return the transformed data, and other 
> signature-related info to 
> >> the client in an easy-to-read form
> >>
> >> The current requirements document says the latter (3.7.2 
> and 3.7.3), 
> >> but that's tentative.  Should those sections stay in or not?
> >>
> >> Trevor
> 
> 
> 
> #### smime.p7s has been removed from this note on April 01, 
> 2003 by Anthony Nadalin
> 
>

smime.p7s

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]