[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Representing requestor's identity
Where a person signs on behalf of another person or an entity, which is an essential element of delegated signing, it would be handy to have a standard way of communicating between applications and entities how the authorizations were set up and for how long they are intended to last. It could be critical to certain types of transactions. It is related to identification of a signer, but not identical to it. ---------- Original Message ---------------------------------- From: Trevor Perrin <trevp@trevp.net> Date: Tue, 29 Apr 2003 13:08:06 -0700 >At 08:03 AM 4/29/2003 -0400, jmessing wrote: > >>Apart from some of the identity and authentication issues being debated >>with regard to SAML, I would like to see a somewhat richer set in the base >>where for example the corporate signing use case is involved. >> >>Besides a signer's identity, could we indicate where the signer is signing >>on behalf of another person or entity > >I think this is implied by the signed attribute for "Requestor Identity". > >>--title > >of the Requestor? Within a SAML Assertion, it would be easy to give >further attributes of the Requestor (like his title) with AttributeStatements. > >>--signature authorization (as in legal authority or delegated permission) >>--duration of signature authorization > >not sure what the above mean. Are you sure they have to do with >Identifying the Requestor, and aren't just other signed attributes that a >DSS Service might add, but which our protocol doesn't have to take into >account? > >>--individual who granted authorization to sign > >I.e. the Requestor Identity? > > >Trevor > > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]