[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss] Approach to code-signing profile
At 11:10 AM 1/20/2004 +0000, Pieter Kasselman wrote:
>Hi, here is an outline on the approach to the code-signing profile.
Hi Pieter,
a comment and a couple questions:
- The code-signing profile seems to be an "abstract" or "meta"-profile,
just like the policy-based server profile. So they face similar issues of
terminology, document organization, and relationships to other profiles.
- Have you thought about how transport/security bindings fit into here?
- Would the code-signing profile be attached to a specific binding
(e.g. SOAP over HTTPS), or would the attachment to a binding be part of the
schemes?
- Have you given any thought to the specific bindings that would be
preferable (SOAP vs. plain HTTP; WS-Security vs. SSL)?
- Would clients be required to verify the returned
code-signatures? If so, would this eliminate the need for a secure binding?
Trevor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]