Subject: requirements draft 4
I updated the draft, mostly just to tighten the language, clean up typos, and mention a couple things like:
- extensibility to linking timestamps
- the client sending dsig:References for URIs that contribute to the transform chain

However I also changed "3.2.1 Requestor Identity" drastically:

"If the server is not signing with a key specific to the requestor, then the server might want to represent the requestor's name, details of how the requestor authenticated, or other identifying information in signed attributes. We will not specify how this is done, leaving it to higher-level standards that build on DSS. Options include an RFC 3280 GeneralName in CMS, and a SAML Assertion in XML-DSIG."

This reflects my growing feeling that we shouldn't concern ourselves with the contents and semantics of signatures, but should just focus on the technical issues of sending to-be-signed or was-signed data and retrieving back a signature or verification result. Doing otherwise seems like a can of worms. But this is just to spur discussion, if people disagree we'll change it back.

Revision tracking is enabled in the word doc:
http://trevp.net/dss/dss_requirements_draft_4.doc
http://trevp.net/dss/dss_requirements_draft_4.pdf

Trevor