[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Representing requestor's identity
At 11:07 PM 4/29/2003 -0400, jmessing wrote: > > > >This sounds less like signed attributes the signer would add to a > >particular signature, and more like policies, validity intervals, and name > >constraints a CA would add to the DSS Server's certificate. > >I disagree. It relates to a trust relationship expressed between a >requestor and the DSS. It has nothing to do with the DSS certificate. okay. This sounds like a signature policy then - you'd want to include a SignaturePolicyIdentifer (like in XAdES 5.2.3) as a signed attribute that clarifies the semantics of the signature - in this case, it would clarify the relationship between the signer and requestor. We decided not to commit ourselves to particular representations of signature policies like XAdES, but this sort of additional attribute is allowed under 3.2.3 of the requirements. Is that sufficient? http://www.w3.org/TR/XAdES/#Syntax_for_XAdES_The_SignaturePolicyIdentifier_element Trevor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]