

Subject: RE: [dss] Comments on XAdES profile


I would expect this to be covered by claimed identity indicating which role
the requestor is operating under.

Nick

> -----Original Message-----
> From: jmessing [mailto:jmessing@law-on-line.com]
> Sent: 12 March 2004 15:12
> To: Nick Pope; Juan Carlos Cruellas Ibarz
> Cc: OASIS DSS TC
> Subject: RE: [dss] Comments on XAdES profile
>
>
> What if the client has keys for different roles?
>
> ---------- Original Message ----------------------------------
> From: Juan Carlos Cruellas Ibarz <cruellas@ac.upc.es>
> Date:  Fri, 12 Mar 2004 12:11:00 +0100
>
> >At 22:08 09/03/2004 -0000, Nick Pope wrote:
> >>Juan Carlos,
> >>
> >>I can't envisage a practical need for the client to select the key.  The
> >>identity of the requestor must already be authenticated.  The only possible
> >>situation is that the requestor has several signing keys, but I don't see
> >>that as a general requirement.
> >>
> >>Nick
> >Mmmm, but in fact in the core we have included the KeySelector
> >as optional precisely to cope with this kind of situation...,
> >because there may be situations where the client may need to
> >select one specific key. And if this is not the general situation it
> >is still a range of situations that may appear.
> >
> >Juan Carlos.
> >
> >>
> >>...
> >>
> >>
> >>>
> >>> >3.1.1.2 lines 172-176
> >>> >Generally, I would expect the server to select the key.  MUST be supported
> >>> >by server but only MAY be present in request.
> >>> >
> >>> Well, in fact the writing is not good.
> >>> IF the server is able to gain access to the certificate in the view of
> >>> the identity of the requester, then the KeySelector is not needed.
> >>> BUT IF the server cannot do that, then the client MUST add its
> >>> certificate to the request. One question that one may have is:
> >>> if the server has the private key, is there any reason why it must
> >>> not have the certificate?... If the answer is NO, then perhaps
> >>> there are not many reasons for this element to appear.
> >>>
> >>>
> >>
> >>
> >
> >To unsubscribe from this mailing list (and be removed from the
> >roster of the OASIS TC), go to
> >http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_workgroup.php.
>
>
