Re: [dss] Comments on XAdES profile

[Juan Carlos Cruellas Ibarz <cruellas@ac.upc.es>]

Nick,
At 21:39 08/03/2004 -0000, Nick Pope wrote:
>Juan Carlos,
>
>A few comments on what you have done so far.
>
>
>2.2 lines 118-122
>No need to describe verify [and updating] from arbitration.  Opens up
>questions of what is arbitration and why can use this service for the long
>term form.  Long term XAdES can be considered as just another predefined
>XAdES structure.  Also, matches later structure.
>
Agreed... I will redo that part.

>3.1 General
>For each element should indicate what server MUST or MAY support, and what
>client MUST or MAY include in request.

OK.
>
>3.1.1.1 line 166.
> Add a DSS service provider may specify other forms that it supports.
>
Agreed.

>3.1.1.2	lines 172-176
>Generally, I would expect the server to select the key.  MUST be supported
>by server but only MAY be present in request.
>
Well, in fact the writing is not good. 
IF the server is able to gain access to the certificate in the view of
the identitiy of the requester, then the KeySelector is not needed.
BUT IF the server can not do that, then the client MUST add its
certificate to the request. One question that one may have is:
if the server has the private key, is there any reason why it must
not have the certificate?... If the answer is NO, then perhaps
there are not many reasons for this element to appear.

Juan Carlos.
>Nick
>
>
>
>
>To unsubscribe from this mailing list (and be removed from the roster of
the OASIS TC), go to
http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_workgroup.php.
>