OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

dss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


ISSUE#3: ds:KeyInfo in SignatureOptions

Short description: You include a ds:KeyInfo element within the 
root child SignatureOptions.

Short rationale: You contend that  "KeySelector" and "Properties" into 
"SignatureOptions "represent attempts by the client to control 
specific details of what goes in the dsig, so grouping them seemed

My comments and proposal(s): 
	1.I proposed to change the name to KeySelector based
	on the fact that the element would act as a selector
	on the keys that the server has to produce signatures, whereas
	the ds:KeyInfo in a ds:Siganture element indicates material
	that allows to determine the key to be used to verify the
	signature... It could even happen that these two elements
	could be different!!! in an environment where you select
	one key by the name, and the application profile instructs
	the server to put the certificate within the ds:KeyInfo, for instance...
	In your reply you said that perhaps this could make sense.

	2. I propose NOT to put this element in SignatureOptions element.
	As I said, "the information of the key that the server has
	 to use is something crucial to the service, whereas the addition
	 of properties, the canonicalization method, etc. is something
	 of a second level of importance: in the end, the key also identifies
	 the signer!!!."

	3, Once said that, then I would find acceptable any of the two 
	following proposals:

		a. To maintain KeySelector and ClaimedIdentity
		as separated root children OR
		b. To define a new root child element ("RequesterDetails"?)
		including both, KeySelector and ClaimedIdentity....the 
		rationale being that a signing key can also identify the


Juan Carlos.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]