Subject: RE: [dss] Comments on XAdES profile


OK - Perhaps what I meant by a "general requirement" is one which is
applicable to the majority of cases.
However, the profile we are building is a "general solution" meeting the
broad range of requirements, including minority requirements.

So perhaps you are right, and let's keep it in the profile.  The next
question is whether we make it optional for the server to support this.
My feeling is probably yes.

Nick

> -----Original Message-----
> From: Juan Carlos Cruellas Ibarz [mailto:cruellas@ac.upc.es]
> Sent: 12 March 2004 11:11
> To: Nick Pope
> Cc: OASIS DSS TC
> Subject: RE: [dss] Comments on XAdES profile
>
>
> At 22:08 09/03/2004 -0000, Nick Pope wrote:
> >Juan Carlos,
> >
> >I can't envisage a practical need for the client to select the key.  The
> >identity of the requestor must already be authenticated.  The only possible
> >situation is that the requestor has several signing keys, but I don't see
> >that as a general requirement.
> >
> >Nick
> Mmmm, but in fact in the core we have included the KeySelector
> as optional precisely to cope with this kind of situation...,
> because there may be situations where the client may need to
> select one specific key. And if this is not the general situation it
> is still a range of situations that may appear.
>
> Juan Carlos.
>
> >
> >...
> >
> >
> >>
> >> >3.1.1.2 lines 172-176
> >> >Generally, I would expect the server to select the key.  MUST be supported
> >> >by server but only MAY be present in request.
> >> >
> >> Well, in fact the writing is not good.
> >> IF the server is able to gain access to the certificate in the view of
> >> the identity of the requester, then the KeySelector is not needed.
> >> BUT IF the server cannot do that, then the client MUST add its
> >> certificate to the request. One question that one may have is:
> >> if the server has the private key, is there any reason why it must
> >> not have the certificate?... If the answer is NO, then perhaps
> >> there are not many reasons for this element to appear.
> >>
> >>
> >
> >
>