[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss] Approach to code-signing profile
At 11:10 AM 1/20/2004 +0000, Pieter Kasselman wrote: >Hi, here is an outline on the approach to the code-signing profile. Hi Pieter, a comment and a couple questions: - The code-signing profile seems to be an "abstract" or "meta"-profile, just like the policy-based server profile. So they face similar issues of terminology, document organization, and relationships to other profiles. - Have you thought about how transport/security bindings fit into here? - Would the code-signing profile be attached to a specific binding (e.g. SOAP over HTTPS), or would the attachment to a binding be part of the schemes? - Have you given any thought to the specific bindings that would be preferable (SOAP vs. plain HTTP; WS-Security vs. SSL)? - Would clients be required to verify the returned code-signatures? If so, would this eliminate the need for a secure binding? Trevor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]