OASIS Mailing List Archives

 



dss message



Subject: RE: [dss] Comments on XAdES profile



At 20:58 12/03/2004 -0000, Nick Pope wrote:
>OK - Perhaps what I meant by a "general requirement" is one where the
>requirement is applicable to the majority of cases.
>However, as the profile we are building is a "general solution" meeting the
>broad range of requirements including minority requirements.
>
>So perhaps, you are right and let's keep it in the profile.  The next
>question whether we make this optional for the server to support this.
>My feeling is probably yes.
>
I tend to agree with you in keeping it in the profile and make optional for
the server to support it.

Juan Carlos.
>Nick
>
>> -----Original Message-----
>> From: Juan Carlos Cruellas Ibarz [mailto:cruellas@ac.upc.es]
>> Sent: 12 March 2004 11:11
>> To: Nick Pope
>> Cc: OASIS DSS TC
>> Subject: RE: [dss] Comments on XAdES profile
>>
>>
>> At 22:08 09/03/2004 -0000, Nick Pope wrote:
>> >Juan Carlos,
>> >
>> >I can't envisage a practical need for the client to select the key.  The
>> >identity of the requestor must already be authenticated.  The only possible
>> >situation is that the requestor has several signing keys, but I don't see
>> >that as a general requirement.
>> >
>> >Nick
>> Mmmm, but in fact in the core we have included the KeySelector
>> as optional precisely to cope with this kind of situations...,
>> because there may be situations where the client may need to
>> select one specific key. And if this is not the general situation it
>> is still a range of situations that may appear.
>>
>> Juan Carlos.
>>
>> >
>> >...
>> >
>> >
>> >>
>> >> >3.1.1.2	lines 172-176
>> >> >Generally, I would expect the server to select the key.  MUST be supported
>> >> >by server but only MAY be present in request.
>> >> >
>> >> Well, in fact the writing is not good.
>> >> IF the server is able to gain access to the certificate in the view of
>> >> the identity of the requester, then the KeySelector is not needed.
>> >> BUT IF the server can not do that, then the client MUST add its
>> >> certificate to the request. One question that one may have is:
>> >> if the server has the private key, is there any reason why it must
>> >> not have the certificate?... If the answer is NO, then perhaps
>> >> there are not many reasons for this element to appear.
>> >>
>> >>
>> >
>> >
>>
>
>
>
>

