[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Comments on XAdES profile
What if the client has keys for different roles? ---------- Original Message ---------------------------------- From: Juan Carlos Cruellas Ibarz <cruellas@ac.upc.es> Date: Fri, 12 Mar 2004 12:11:00 +0100 >At 22:08 09/03/2004 -0000, Nick Pope wrote: >>Juan Carlos, >> >>I can't envisage a practical need for the client to select the key. The >>identity of the requestor must already be authenticated. The only possible >>situation is that the requestor has several signing keys, but I don't see >>that as the a general requirement. >> >>Nick >Mmmm, but in fact in the core we have included the KeySelector >as optional precisely to cope with this kind of situations..., >because there may be situations where the cliente may need to >select one specific key. And if this is not the general situation it >is still a range of situations that may appear. > >Juan Carlos. > >> >>... >> >> >>> >>> >3.1.1.2 lines 172-176 >>> >Generally, I would expect the server to select the key. MUST be >>> supported >>> >by server but only MAY be present in request. >>> > >>> Well, in fact the writing is not good. >>> IF the server is able to gain access to the certificate in the view of >>> the identitiy of the requester, then the KeySelector is not needed. >>> BUT IF the server can not do that, then the client MUST add its >>> certificate to the request. One question that one may have is: >>> if the server has the private key, is there any reason why it must >>> not have the certificate?... If the answer is NO, then perhaps >>> there are not many reasons for this element to appear. >>> >>> >> >> > >To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_workgroup.php. > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]