OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

dss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Requestor identities and X.509 certificates ( action 20)

Section 3.3.2 in dss_requirements_draft_12.doc states the following:
        Requestor Identity
        Requestor Name (in a type/value format such as a SAML NameIdentifier)
        (Optionally) Information supporting the name (such as a SAML Assertion, Liberty Alliance
        Authentication Context, or X.509 Certificate)
        If the server is not signing with a key specific to the requestor, then the server might want
        to represent the requestor's name or role, and possibly details of how the requestor
        authenticated, in a signed attribute.  This element is unusual in that it may be used in
        contexts outside of DSS, such as when a 3rd-party notary signs a document on behalf of a
        "requestor" who makes his request in person, and authenticates himself with paper documents.

End of Section 3.3.2

   In addition to specifying the subject identity using the subject field in an X.509 certificate,
   additional identities may be associated with the subject of an X.509 certificate using
   Subject Alternative name extensions. The purpose of enumerating these identities here
   is to make sure the DSS schema  can handle  them.
   Possible subject alternative name extensions in an X.509  certificate include ( see rfc2459 for a
detailed description):
               email address,
        DNS name
        IP address
        uniform resource identifier
        directory name
        EDI Party Name
        X400 address

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]