Subject: Requestor identities and X.509 certificates (action 20)
- From: Krishna Yellepeddy <kyellepe@us.ibm.com>
- To: dss@lists.oasis-open.org
- Date: Mon, 29 Sep 2003 11:05:10 -0500
Section 3.3.2 in dss_requirements_draft_12.doc states the following:
Requestor Identity
Requestor Name (in a type/value format such as a SAML NameIdentifier)
(Optionally) Information supporting the name (such as a SAML Assertion, Liberty Alliance
Authentication Context, or X.509 Certificate)
If the server is not signing with a key specific to the requestor, then the server might want
to represent the requestor's name or role, and possibly details of how the requestor
authenticated, in a signed attribute. This element is unusual in that it may be used in
contexts outside of DSS, such as when a 3rd-party notary signs a document on behalf of a
"requestor" who makes his request in person, and authenticates himself with paper documents.
End of Section 3.3.2
In addition to specifying the subject identity using the subject field in an X.509 certificate,
additional identities may be associated with the subject of an X.509 certificate using
Subject Alternative name extensions. The purpose of enumerating these identities here
is to make sure the DSS schema can handle them.
Possible subject alternative name extensions in an X.509 certificate include (see RFC 2459 for a
detailed description):
email address
DNS name
IP address
uniform resource identifier
directory name
EDI Party Name
X400 address
Regards,
Krishna