OASIS Mailing List Archives

dss message


Subject: Re: [dss] full schema for signing request

> If we rewrote it that way, the only function of dss:Parameter would be to
> contain the "mustUnderstand" attribute.  At the f2f we decided that the
> server should *have* to understand any client parameters, or reject the
> entire request.  Just made things simpler.  We could revisit that.  But if
> we got rid of mustUnderstand we wouldn't need dss:Parameter, we could just do:

The biggest drawback I can see is that it prevents re-using elements;
you can't say "this ds:KeyInfo is for signing, and this ds:KeyInfo
is for timestamping".  Instead you'd have to wrap each ds:KeyInfo element
inside a namespaced container that identified the semantics.  I think it's
cleaner to identify the semantics and leave the content open.

If mustUnderstand goes away from the core, that's okay.  I'd like to leave
open the possibility of adding it (with default value true) in future
versions, tho.

Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html
