[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] EPM use cases: some questions and one requeriment.
Juan carlos, Trevor, Looking at this I realise that we have confusion over what is a "signature policy" & "validation policy". Currently, the Signature Policy as described in ETSI covers validation requirements. Do we want to have a signature policy which comprises the creation and validation policy components? Also, is it validation or verification? Nick > -----Original Message----- > From: Juan Carlos Cruellas [mailto:cruellas@ac.upc.es] > Sent: 25 June 2003 11:26 > To: dss@lists.oasis-open.org > Subject: Re: [dss] EPM use cases: some questions and one requeriment. > > > Trevor, > > I agree that it would be easier for the client to send yes or not.... > but again, this means that, at least, the server will always have > a policy at least, and perhaps different policies and the client > means to know in advance which one is interesting for him.... > > I would then add some text in 3.7.5 that explicitely relates the > issue of returning the validation data with what is stated in > the validation policy...what about addingsomething like: > > " accordingto what is stated in the corresponding verification policy." > > at the end of the sentence in 3.7.5? > > Juan Carlos. > > At 18:09 20/06/2003 -0700, Trevor Perrin wrote: > > > >This was supposed to be the "Verification Policy", where 3.4.4 is the > >"Signing Policy". These were intended to be identifiers that > lump together > >any parameters that aren't explicitly covered elsewhere, with > the idea that > >if the client doesn't identify a policy, each server has some default > >policy. This isn't very clear, and "Policy" is an overloaded word, I'll > >try to clear this up in another draft in the next few days. > > > >For things like what type of verification data to return, where > there could > >be lots of different types and different ways of doing it (do you want > >certificates and/or revocation data or both? do you want CRLs or OCSP > >responses or something else? How recent do you need the > verification data > >to be? Does it need to be time-stamped?) it seems easier to let the > >details of this be implicit in the Verification Policy, and just > have the > >client say "yes, I want verification data", or "no, I don't". > > > > > >Trevor > > > > > >You may leave a Technical Committee at any time by visiting > http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_wor kgroup.php > You may leave a Technical Committee at any time by visiting http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_workgroup.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]