OASIS Mailing List Archives

dss message



Subject: Requestor identities and X.509 certificates (action 20)



Section 3.3.2 in dss_requirements_draft_12.doc states the following:
        Requestor Identity
        Requestor Name (in a type/value format such as a SAML NameIdentifier)
        (Optionally) Information supporting the name (such as a SAML Assertion, Liberty Alliance
        Authentication Context, or X.509 Certificate)
       
        If the server is not signing with a key specific to the requestor, then the server might want
        to represent the requestor's name or role, and possibly details of how the requestor
        authenticated, in a signed attribute.  This element is unusual in that it may be used in
        contexts outside of DSS, such as when a 3rd-party notary signs a document on behalf of a
        "requestor" who makes his request in person, and authenticates himself with paper documents.

End of Section 3.3.2

   In addition to specifying the subject identity using the subject field in an X.509 certificate,
   additional identities may be associated with the subject of an X.509 certificate using
   Subject Alternative Name extensions. The purpose of enumerating these identities here
   is to make sure the DSS schema can handle them.

   Possible subject alternative name extensions in an X.509 certificate include (see RFC 2459 for a
   detailed description):
        email address
        DNS name
        IP address
        uniform resource identifier
        directory name
        EDI Party Name
        X400 address
 
Regards,
  Krishna
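
The name forms enumerated above, as an added example that is not part of the original message or of any DSS deliverable: a minimal DER walk over a Subject Alternative Name extension value that emits each entry as a type/value pair, the shape section 3.3.2 asks for in a requestor name. The function names and the sample bytes are constructed for illustration; the type labels are the GeneralName field names from RFC 2459, which also defines otherName and registeredID in addition to the seven forms listed.

```python
import ipaddress

# GeneralName CHOICE tag numbers, RFC 2459 section 4.2.1.7
SAN_TYPES = {0: "otherName", 1: "rfc822Name", 2: "dNSName", 3: "x400Address",
             4: "directoryName", 5: "ediPartyName",
             6: "uniformResourceIdentifier", 7: "iPAddress", 8: "registeredID"}

def read_tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_bytes, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def requestor_names(san_der):
    """Map a DER GeneralNames value to (type, value) pairs."""
    tag, body, end = read_tlv(san_der, 0)
    if tag != 0x30 or end != len(san_der):
        raise ValueError("expected exactly one SEQUENCE")
    names, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        if tag & 0xC0 != 0x80 or (tag & 0x1F) not in SAN_TYPES:
            raise ValueError(f"unexpected GeneralName tag 0x{tag:02x}")
        kind = SAN_TYPES[tag & 0x1F]
        if kind in ("rfc822Name", "dNSName", "uniformResourceIdentifier"):
            value = val.decode("ascii")                 # IA5String
        elif kind == "iPAddress":
            value = str(ipaddress.ip_address(val))      # 4 or 16 octets
        else:
            value = val.hex()                           # structured: keep DER as hex
        names.append((kind, value))
    return names

def _tlv(tag, val):
    return bytes([tag, len(val)]) + val                 # short-form lengths only
# Constructed sample extension value (not taken from any real certificate)
SAMPLE = _tlv(0x30, _tlv(0x81, b"alice@example.org") + _tlv(0x82, b"sign.example.org")
              + _tlv(0x87, bytes([192, 0, 2, 1])) + _tlv(0x86, b"urn:example:requestor:1")
              + _tlv(0xA4, bytes.fromhex("3000")))
```

Structured forms (directory name, EDI party name, X400 address) are returned as hex-encoded DER here, so a schema that carries them needs a value type that can hold more than a flat string.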

