Subject: RE: [dss] Call for claimed identity scenarios
Rich,

This is similar to the scenario which I just posted. Except I was considering that a different form of authentication may be required. I do not believe that KeyInfo would necessarily authenticate my identity.

Nick

> -----Original Message-----
> From: Rich Salz [mailto:rsalz@datapower.com]
> Sent: 03 November 2003 18:29
> To: Hal Lockhart
> Cc: dss@lists.oasis-open.org
> Subject: Re: [dss] Call for claimed identity scenarios
>
> I think that ClaimedIdentity is misleading. Or I don't understand the
> proposed semantics.
>
> I believe the intent is to indicate that a role-based key should be used to
> perform the signature, rather than the default key associated with the
> authenticated client. In other words, while I might authenticate as
> "Ken Lay" I will be signing the auditor's report using the "corporate
> officer" key.
>
> If that interpretation is right, then I think ClaimedIdentity should be
> UseKey/ds:KeyInfo instead.
> /r$
>
> --
> Rich Salz, Chief Security Architect
> DataPower Technology http://www.datapower.com
> XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
> XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html