OASIS Mailing List Archives

dss message


Subject: RE: [dss] Representing requestor's identity


I hope that you appreciate that this is not about signer intent or signature policies.

It is about ways to enable the avoidance of unpleasant legal consequences by having the necessary information inevitably present as metadata where an enterprise has many people signing for it using a single key.

If there are ways to avoid having to do it at the standard level that will invariably work, I would be very interested in hearing about them. 

---------- Original Message ----------------------------------
From: Trevor Perrin <trevp@trevp.net>
Date:  Wed, 30 Apr 2003 11:00:28 -0700

>At 09:18 AM 4/30/2003 -0400, jmessing wrote:
>
>>Absolutely correct.
>>
>>But what happens in the absence of such a preliminary agreement?
>>
>>If there is none, then under Anglo-American common law a corporation may 
>>be bound if it gives apparent authority to someone to affix its name. 
>>Apparent authority is derived from estoppel notions. If you are foolish 
>>enough or careless enough to allow someone to appear to others as though 
>>they are legitimately acting on your behalf, then you may well be legally 
>>bound by a transaction concluded with an innocent relying party who 
>>thought the transaction was legitimate. It is a type of corporate 
>>non-repudiation doctrine that has been around for centuries, though it is 
>>not limited to entities but may also apply to individuals. It would most 
>>probably apply to a corporate DSS.
>>
>>Putting the onus on the parties to create a signature policy first in 
>>order to express these authority relationships between them is 
>>extremely inadvisable in my view. It would be cleaner to have the option 
>>to express signature authority relationships upfront in order to have 
>>express grants of authority included in the delegated signature data.
>
>I'd rather the core protocol restrict itself to technical aspects of 
>delegated signing, and leave to further documents the creation of signature 
>policies and additional attributes to represent signer intent.
>
>The "higher-level" semantics/legal meaning of a signature is certainly 
>important, but we've got enough on our plates in just designing the 
>mechanics of delegated signing, that I think we should deal with that first.
>
>Trevor 
>
>

