[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss] full schema for signing request
At 07:46 PM 9/24/2003 -0400, you wrote:
> > If we rewrote it that way, the only function of dss:Parameter would be to
> > contain the "mustUnderstand" attribute. At the f2f we decided that the
> > server should *have* to understand any client parameters, or reject the
> > entire request. Just made things simpler. We could revisit that. But if
> > we got rid of mustUnderstand we wouldn't need dss:Parameter, we could
> just do:
>
>The biggest drawback I can see is that it prevents re-using elements;
>you can't say "this ds:KeyInfo is for signing, and this ds:KeyInfo
>is for timestamping". Instead you'd have to wrap each ds:KeyInfo element
>inside a namespaced container that identified the semantics.
True, but with a dss:Parameter you have to wrap each element
regardless. With this, at least some elements can avoid that:
<parameters>
<claimedIdentity>alice@acme.com</claimedIdentity>
<intendedAudience>bob@acme.com</intendedAudience>
<applicationProfile>urn:oasis:dss:code-signing</applicationProfile>
<returnDocumentContainingSignature/>
<signingKey>
<ds:KeyInfo>...
</signingKey>
<timestampingKey>
<ds:KeyInfo>...
</timestampingKey>
</parameters>
> I think it's
>cleaner to identify the semantics and leave the content open.
>
>If mustUnderstand goes away from the core, that's okay. I'd like to leave
>open the possibility of adding it (with default value true) in future
>versions, tho.
yeah, doing what I suggest precludes that.
Trevor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]