[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: ProcessingDetails
Hi Juan Carlos,
Here's our old discussion on this:
http://lists.oasis-open.org/archives/dss/200312/msg00007.html
The gist is you wanted more detail to say exactly what failed and why,
whereas the current structure just lets you say:
<ProcessingDetails>
<ValidDetail>IssuerTrust</ValidDetail>
<ValidDetail>ValidityInterval</ValidDetail>
<IndeterminateDetail>RevocationStatus</IndeterminateDetail>
<InvalidDetail>Signature</InvalidDetail>
</ProcessingDetails>
However, what I liked about the current structure, was that it provides
useful high-level info, such as:
<IndeterminateDetail>RevocationStatus</IndeterminateDetail>
without telling you precisely that a CRL or OCSP retrieval failed, which
might be harder to convey than it's worth.
But maybe we could take the current structure and add the ability to attach
more specific information to any of the details, such as a URI <Code> that
profiles can define, or a text <Message>, and an xs:any so profiles can add
whatever else they want:
<ProcessingDetails>
<ValidDetail Type="IssuerTrust"/>
<ValidDetail Type="ValidityInterval"/>
<IndeterminateDetail Type="RevocationStatus">
<Code>urn:someprofile:indeterminate-detail:CRLNotReached</Code>
</IndeterminateDetail>
<InvalidDetail Type="Signature">
<Code>urn:oasis:names:tc:dss:1.0:invalid-detail:ReferenceFailure</Code>
<Message>The ds:Reference's hash doesn't match the
document</Message>
</InvalidDetail>
</ProcessingDetails>
Your thoughts?
Trevor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]