[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Comments on XAdES profile
At 20:58 12/03/2004 -0000, Nick Pope wrote: >OK - Perhaps what I meant by a "general requirement" is one which is one >which is there is the requirement is applicable to majority of cases. >However, as the profile we are building is a "general solution" meeting the >broad range of requirements including minority requirements. > >So perhaps, you are right and lets keep it in the profile. The next >question whether we make this it optional for the server to support this. >My feeling is probably yes. > I tend to agree with you in keeping it in the profile and make optional for the server to suppor it. Juan Carlos. >Nick > >> -----Original Message----- >> From: Juan Carlos Cruellas Ibarz [mailto:cruellas@ac.upc.es] >> Sent: 12 March 2004 11:11 >> To: Nick Pope >> Cc: OASIS DSS TC >> Subject: RE: [dss] Comments on XAdES profile >> >> >> At 22:08 09/03/2004 -0000, Nick Pope wrote: >> >Juan Carlos, >> > >> >I can't envisage a practical need for the client to select the key. The >> >identity of the requestor must already be authenticated. The >> only possible >> >situation is that the requestor has several signing keys, but I don't see >> >that as the a general requirement. >> > >> >Nick >> Mmmm, but in fact in the core we have included the KeySelector >> as optional precisely to cope with this kind of situations..., >> because there may be situations where the cliente may need to >> select one specific key. And if this is not the general situation it >> is still a range of situations that may appear. >> >> Juan Carlos. >> >> > >> >... >> > >> > >> >> >> >> >3.1.1.2 lines 172-176 >> >> >Generally, I would expect the server to select the key. MUST be >> >> supported >> >> >by server but only MAY be present in request. >> >> > >> >> Well, in fact the writing is not good. >> >> IF the server is able to gain access to the certificate in the view of >> >> the identitiy of the requester, then the KeySelector is not needed. >> >> BUT IF the server can not do that, then the client MUST add its >> >> certificate to the request. One question that one may have is: >> >> if the server has the private key, is there any reason why it must >> >> not have the certificate?... If the answer is NO, then perhaps >> >> there are not many reasons for this element to appear. >> >> >> >> >> > >> > >> >> To unsubscribe from this mailing list (and be removed from the >> roster of the OASIS TC), go to >> http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_wor >kgroup.php. > > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]