

Subject: RE: [dss] Re: Indication of Intent / Commitment type


Please see inline comments.

---------- Original Message ----------------------------------
From: "Nick Pope" <pope@secstan.com>
Date:  Tue, 9 Mar 2004 12:33:41 -0000

>Dallas,
>
>If the commitment is to be linked to the key used then "signature policy"
>may be the appropriate tool.
>
>The signature policy is a set of rules on the keys / validity of a
>signature with a commitment type.  Paul Madsen of Entrust is working on an
>"abstract" profiling module that may be used with e-seals to support this.
>A structure for defining signature policies is defined in
>http://www.faqs.org/rfcs/rfc3125.html.
>
>Nick
>
>
>
>> -----Original Message-----
>> From: Dallas Powell [mailto:dpowell@tybera.com]
>> Sent: 08 March 2004 21:27
>> To: OASIS DSS TC
>> Subject: [dss] Re: Indication of Intent / Commitment type
>>
>>
>> I think that the CommitmentType could be adequate to represent what I am
>> interested in.  However, just to clarify what is behind my comment:
>>
>> It is my opinion that keys should have different purposes, intents, and
>> perhaps they can even have different levels of security that are
>> required to
>> protect the keys.  The need to insure the validity of a signature on a
>> document that an attorney submits to a court carries less weight than a
>> signature on a judgement from a judge sending someone to jail for life.
>>
>> Some keys can have specific purposes, for example, when an
>> attorney submits
>> a document to the court, he may have a key issued where the only intent of
>> that key is for signing documents that are sent to a specific court.  New
>> Jersey is a good example of this.  The courts have established
>> their own PKI
>> for the sole purpose of allowing the attorneys to sign documents submitted
>> to the New Jersey Courts.  The policies that protect these keys
>> are limited.
>>
>> Many courts are moving away from signatures due to the complexities of key
>> management and training.  Yet at the same time, I desire to use the same
>> CommitmentType structure  into a legalXML document for courts
>> that recognize
>> a login/password as a replacement for signatures.  Can this be part of the
>> structure?
>>
<jm>
In a dss, the username/password can be leveraged into a digital signature by having a method by which a server recognizes a user from the username/password and digitally signs on the user's behalf, either by employing the server's key (XKI type of process) or a key maintained on the server for use by the client (XKMS type of process). One way to do this is to have a third party authenticate the user with the username/password and digitally sign an authentication assertion (SAML) which the signature server recognizes.
</jm>
>> Another issue that I need addressed in the CommitmentType is whether the
>> intent of the signature is to approve of the content of a given
>> document or
>> to certify the validity of another signature and have no liability of the
>> content of the document.
>>
<jm>I think this could be part of a profile within the above-described architecture. Nick, is Paul Madsen's abstracting profile sufficient to cover both the XKI and XKMS examples?
</jm>
>> Dallas
>>
>> ----- Original Message -----
>> From: "Nick Pope" <pope@secstan.com>
>> To: "OASIS DSS TC" <dss@lists.oasis-open.org>
>> Cc: "Dallas Powell" <dpowell@tybera.com>
>> Sent: Monday, March 08, 2004 11:57 AM
>> Subject: Indication of Intent / Commitment type
>>
>>
>> > Dallas, Ed, DSS members,
>> >
>> > Dallas - You had suggested the Indication of Intent as a
>> parameter of the
>> > proposed Entity Seal profile.  At the discussion today there was the
>> > suggestion that the XAdES CommitmentType property was appropriate.  This
>> has
>> > similar semantics and is also more controlled in that the semantics need to
>> be
>> > registered through an object identifier.
>> >
>> > There was also the suggestion that the CommitmentType was more
>> appropriately
>> > part of the general "Signature Policy" which can bring together
>> properties
>> > and parameters of the signature (e.g. algorithms & key size) with a
>> > commitment type.
>> >
>> > It was questioned whether this area was premature for standardisation.
>> >
>> > Ed - You mentioned an earlier discussion on this topic.  I couldn't find
>> > anything specific around this area.  Only reference to
>> Commitment type was
>> > in a message dated: Wed 14/05/2003 13:44 which was around the
>> relationship
>> > between core and profile.  Can you help?
>> >
>> > DSS Members - Do I represent the discussion correctly?  Any further
>> > thoughts?
>> >
>> > Nick
>> >
>> >
>>
>>

--
Internet communications are insecure. If you would like to initiate secure communications, these can be made available upon request.

The information contained in this message may be legally privileged and confidential.  It is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. 

If you have received this e-mail in error, please immediately notify the sender by "Reply" command and/or John H. Messing, P.C. by telephone at (520) 547-7933 and permanently delete the original and any copies or printouts thereof. Although this email and any attachments are believed to be free of any virus or other defect, it is the responsibility of the recipient to ensure that a message is virus free. John H. Messing, John H. Messing PC and Law-on-Line Inc. take no responsibility for any loss or damage.
--
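
The flow described in the inline comments above (a third party authenticates the username/password and signs an assertion, which the signature server checks before signing with its own key) is sketched below as an added example; it is not part of the original message or of any DSS profile. All keys, names and the commitment-type label passed in are constructed, and HMAC stands in for the XML signatures that a real SAML assertion and DSS response would carry.

```python
import hashlib, hmac, json, time

# All keys, names and credentials are constructed. HMAC stands in for the
# XML signatures a real SAML assertion and DSS response would carry.
IDP_KEY, SERVER_KEY = b"constructed-idp-key", b"constructed-server-key"
ISSUER, AUDIENCE, SALT = "idp.example", "dss.example", b"constructed-salt"

def _kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()

USERS = {"attorney1": _kdf("constructed-password")}

def _mac(key, obj):
    data = json.dumps(obj, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def issue_assertion(user, password, now=None):
    """Third party: check username/password, return a signed assertion."""
    now = time.time() if now is None else now
    if not hmac.compare_digest(USERS.get(user, ""), _kdf(password)):
        raise PermissionError("authentication failed")
    body = {"iss": ISSUER, "sub": user, "aud": AUDIENCE, "exp": now + 300}
    return {"body": body, "sig": _mac(IDP_KEY, body)}

def sign_on_behalf(assertion, document, commitment_type, now=None):
    """Signature server: validate the assertion, then sign with its own key."""
    now = time.time() if now is None else now
    body = assertion["body"]
    if not hmac.compare_digest(assertion["sig"], _mac(IDP_KEY, body)):
        raise PermissionError("assertion signature invalid")
    if body["iss"] != ISSUER or body["aud"] != AUDIENCE:
        raise PermissionError("untrusted issuer or wrong audience")
    if body["exp"] < now:
        raise PermissionError("assertion expired")
    # The commitment type is inside the signed data, so it cannot be
    # swapped afterwards without invalidating the signature.
    signed = {"doc_sha256": hashlib.sha256(document).hexdigest(),
              "on_behalf_of": body["sub"], "commitment_type": commitment_type}
    return {"signed": signed, "sig": _mac(SERVER_KEY, signed)}

def verify(result, document):
    """Relying party: check the server signature and the document digest."""
    good_sig = hmac.compare_digest(result["sig"], _mac(SERVER_KEY, result["signed"]))
    return good_sig and result["signed"]["doc_sha256"] == hashlib.sha256(document).hexdigest()
```
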