OASIS Mailing List Archives

dss message

Subject: RE: [dss] Representing requestor's identity


John,

Is it not possible for two parties to agree in a contract, such as an EDI
interchange agreement, to adopt the rules for creation and validation of
signatures as specified in a signature policy for subsequent exchanges?

Nick



> -----Original Message-----
> From: jmessing [mailto:jmessing@law-on-line.com]
> Sent: 30 April 2003 13:47
> To: dss@lists.oasis-open.org
> Subject: RE: [dss] Representing requestor's identity
>
>
> I don't believe the subject properly falls within signature policy.
>
> "If no signature policy is identified then the signature may be
> assumed to have been generated/verified without any policy
> constraints, and hence may be given no specific legal or
> contractual significance through the context of a signature policy."
>
> The common law doctrines of apparent and express authority do not
> fit this notion of a signature policy. Other semantics are
> required to prevent, for example, a rogue corporate signature
> created by an unauthorized individual as a matter of law and not
> signature policy binding a corporation to a transaction against its will.
>
> Without it, a corporate signature DSS could become a legal Frankenstein.
>
> ---------- Original Message ----------------------------------
> From: Trevor Perrin <trevp@trevp.net>
> Date:  Wed, 30 Apr 2003 00:34:10 -0700
>
> >At 11:07 PM 4/29/2003 -0400, jmessing wrote:
> >
> >> >
> >> >This sounds less like signed attributes the signer would add to a
> >> >particular signature, and more like policies, validity intervals, and name
> >> >constraints a CA would add to the DSS Server's certificate.
> >>
> >>I disagree. It relates to a trust relationship expressed between a
> >>requestor and the DSS. It has nothing to do with the DSS certificate.
> >
> >okay.  This sounds like a signature policy then - you'd want to include a
> >SignaturePolicyIdentifier (like in XAdES 5.2.3) as a signed attribute that
> >clarifies the semantics of the signature - in this case, it would clarify
> >the relationship between the signer and requestor.  We decided not to
> >commit ourselves to particular representations of signature policies like
> >XAdES, but this sort of additional attribute is allowed under 3.2.3 of the
> >requirements.  Is that sufficient?
> >
> >http://www.w3.org/TR/XAdES/#Syntax_for_XAdES_The_SignaturePolicyIdentifier_element
> >
> >Trevor
