RE: [dss] Re: Indication of Intent / Commitment type

["Nick Pope" <pope@secstan.com>]

Dallas,

If the commitment is to be linked to the key used then "signature policy"
may be the appropriate tool.

The signature policy is a set of rules on the keys / validatity of a
signature with a commitment type.  Paul Madsen of Entrust is working on a
"abstract" profiling module that may be used with e-seals to support this.
A structure for defining signature policies is defined in
http://www.faqs.org/rfcs/rfc3125.html.

Nick



> -----Original Message-----
> From: Dallas Powell [mailto:dpowell@tybera.com]
> Sent: 08 March 2004 21:27
> To: OASIS DSS TC
> Subject: [dss] Re: Indication of Intent / Commitment type
>
>
> I think that the CommitmentType could by adequate to represent what I am
> interested in.  However, just to clarify what is behind by comment:
>
> It is my opinion that keys should have different purposes, intents, and
> perhaps they can even have different levels of security that are
> required to
> protect the keys.  The need to insure the validity of a signature on a
> document that an attorney submits to a court carries less weight than a
> signature on a judgement from a judge sending someone to jail for life.
>
> Some keys can have specific purposes, for example, when an
> attorney submits
> a document to the court, he may have a key issued where the only intent of
> that key is for signing documents that are sent to a specific court.  New
> Jersey is a good example of this.  The courts have established
> their own PKI
> for the sole purpose of allowing the attorneys to sign documents submitted
> to the New Jersey Courts.  The policies that protect these keys
> is limited.
>
> Many courts are moving away from signatures due to the complexities of key
> management and training.  Yet at the same time, I desire to use the same
> CommitmentType structure  into a legalXML document for courts
> that recognize
> a login/password as a replacement for signatures.  Can this be part of the
> structure?
>
> Another issue that I need addressed in the CommitmentType is whether the
> intent of the signature is to approve of the content of a given
> document or
> to certify the validity of another signature and have no liability of the
> content of the document.
>
> Dallas
>
> ----- Original Message -----
> From: "Nick Pope" <pope@secstan.com>
> To: "OASIS DSS TC" <dss@lists.oasis-open.org>
> Cc: "Dallas Powell" <dpowell@tybera.com>
> Sent: Monday, March 08, 2004 11:57 AM
> Subject: Indication of Intent / Commitment type
>
>
> > Dallas, Ed, DSS members,
> >
> > Dallas - You had suggested the Indication of Intent as a
> parameter of the
> > proposed Entity Seal profile.  At the discussion today there was the
> > suggestion that the XAdES CommitmentType property was appropriate.  This
> has
> > similar semantics is also more controlled in that the semantics needs to
> be
> > registered through an object identifier.
> >
> > There was also the suggestion that the CommitmentType was more
> appriately
> > part of the general "Signature Policy" which can bring together
> properties
> > and parameters of the signature (e.g. algorithms & key size) with a
> > commitment type.
> >
> > It was questioned whether this area was premature for standardisation.
> >
> > Ed - You mentioend an earlier discussion on this topic.  I couldn't find
> > anything specific around this area.  Only reference to
> Commitment type was
> > in a message dated: Wed 14/05/2003 13:44 which was around the
> relationship
> > between core and profile.  Can you help?
> >
> > DSS Members - Do I represent the discussion correctly?  Any further
> > thoughts?
> >
> > Nick
> >
> >
>
>
> To unsubscribe from this mailing list (and be removed from the
> roster of the OASIS TC), go to
> http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_wor
> kgroup.php.
>
>
>