OASIS Mailing List Archives

dss message



Subject: Re: [dss] Call for claimed identity scenarios


I think that ClaimedIdentity is misleading.  Or I don't understand the 
proposed semantics.

I believe the intent is to indicate that a role-based key should be used to 
perform the signature, rather than the default key associated with the 
authenticated client.  In other words, while I might authenticate as 
"Ken Lay" I will be signing the auditor's report using the "corporate 
officer" key.

If that interpretation is right, then I think ClaimedIdentity should be 
UseKey/ds:KeyInfo instead.
	/r$

-- 
Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html


