Subject: RE: [dss] Comments on XAdES profile
I would expect this to be covered by claimed identity indicating which role the requestor is operating under.

Nick

> -----Original Message-----
> From: jmessing [mailto:jmessing@law-on-line.com]
> Sent: 12 March 2004 15:12
> To: Nick Pope; Juan Carlos Cruellas Ibarz
> Cc: OASIS DSS TC
> Subject: RE: [dss] Comments on XAdES profile
>
>
> What if the client has keys for different roles?
>
> ---------- Original Message ----------------------------------
> From: Juan Carlos Cruellas Ibarz <cruellas@ac.upc.es>
> Date: Fri, 12 Mar 2004 12:11:00 +0100
>
> >At 22:08 09/03/2004 -0000, Nick Pope wrote:
> >>Juan Carlos,
> >>
> >>I can't envisage a practical need for the client to select the key. The
> >>identity of the requestor must already be authenticated. The only possible
> >>situation is that the requestor has several signing keys, but I don't see
> >>that as a general requirement.
> >>
> >>Nick
> >Mmmm, but in fact in the core we have included the KeySelector
> >as optional precisely to cope with this kind of situation...,
> >because there may be situations where the client may need to
> >select one specific key. And if this is not the general situation it
> >is still a range of situations that may appear.
> >
> >Juan Carlos.
> >
> >>
> >>...
> >>
> >>
> >>>
> >>> >3.1.1.2 lines 172-176
> >>> >Generally, I would expect the server to select the key. MUST be supported
> >>> >by server but only MAY be present in request.
> >>> >
> >>> Well, in fact the writing is not good.
> >>> IF the server is able to gain access to the certificate in the view of
> >>> the identity of the requester, then the KeySelector is not needed.
> >>> BUT IF the server can not do that, then the client MUST add its
> >>> certificate to the request. One question that one may have is:
> >>> if the server has the private key, is there any reason why it must
> >>> not have the certificate?... If the answer is NO, then perhaps
> >>> there are not many reasons for this element to appear.