[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: OASIS Digital Signature Services TC announcement
Hi Peter,

In fact, the signature is generated by the server, not by the client. The client may indicate the key to the server by several means, one being to pass info within a specific element, called <dss:KeySelector>, whose contents are a reference to ds:KeyInfo. Another way could be to pass the identity claimed by the client (a SAML assertion within a specific element <dss:ClaimedIdentity>) within a framework where identities may be associated to private keys, and let the server gain access to the key. There may also be other mechanisms to make the server realize which is the private key it has to use. The whole framework is designed so that the server may gain access to private keys to generate the signatures.

Regards,
Juan Carlos.

At 16:47 08/07/2004 +0200, you wrote:
>hello,
>
>I have a question about this text. I may have overlooked
>it. How would a client detect which keys it can use to
>sign? Actually I have a very good student here who is implementing
>a PKCS11 library that accesses a remote "key use server".
>The protocol has two aspects, one is a lookup to obtain
>a list of x509 certs + nicknames so that the PKCS11
>library can respond to clients, another is a simple request
>to perform a particular usage of a key.
>
>Or is it that one uses SAML to do the lookup?
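The two key-designation paths described in the message (a <dss:KeySelector> carrying a ds:KeyInfo, or a <dss:ClaimedIdentity> carrying a SAML assertion), as an added example that is not part of the thread or of the OASIS DSS TC's own material. The server holds every private key; the client only names one. The namespace URIs, the key store and identity bindings, the trusted-issuer list, the per-requester authorization table, and the HMAC that stands in for the real XML-DSig signature are all assumptions made for this example.

```python
"""Server-side key selection for a DSS-style SignRequest (added example).

Element names follow the message above (dss:KeySelector wrapping a
ds:KeyInfo, dss:ClaimedIdentity wrapping a SAML assertion). The namespace
URIs, key store, identity bindings, trusted issuers, authorization table
and the HMAC stand-in for the XML-DSig signature are assumptions.
"""
import hashlib
import hmac
import xml.etree.ElementTree as ET

DSS = "urn:oasis:names:tc:dss:1.0:core:schema"   # assumed namespace URI
DS = "http://www.w3.org/2000/09/xmldsig#"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed server-side key store: private keys never leave the server.
# Keys are indexed by the X.509 subject a client may name in ds:KeyInfo.
KEY_STORE = {
    "CN=alice,O=Example": b"alice-private-key-material",
    "CN=bob,O=Example": b"bob-private-key-material",
}
# Constructed identity-to-key binding used by the ClaimedIdentity path.
IDENTITY_TO_KEY = {"alice@example.org": "CN=alice,O=Example"}
TRUSTED_SAML_ISSUERS = {"https://idp.example.org"}
# Constructed authorization table: which keys each authenticated requester
# may use. Naming a key in the request does not by itself grant its use.
AUTHORIZED = {"alice@example.org": {"CN=alice,O=Example"}}


def build_sign_request(document, key_subject=None, saml_assertion=None):
    """Client side: name the key to use, but carry no private key."""
    req = ET.Element(f"{{{DSS}}}SignRequest")
    opt = ET.SubElement(req, f"{{{DSS}}}OptionalInputs")
    if key_subject is not None:
        sel = ET.SubElement(opt, f"{{{DSS}}}KeySelector")
        ki = ET.SubElement(sel, f"{{{DS}}}KeyInfo")
        x509 = ET.SubElement(ki, f"{{{DS}}}X509Data")
        ET.SubElement(x509, f"{{{DS}}}X509SubjectName").text = key_subject
    if saml_assertion is not None:
        ci = ET.SubElement(opt, f"{{{DSS}}}ClaimedIdentity")
        ci.append(saml_assertion)
    docs = ET.SubElement(req, f"{{{DSS}}}InputDocuments")
    ET.SubElement(docs, f"{{{DSS}}}Document").text = document
    return ET.tostring(req)


def make_assertion(issuer, name_id):
    """Constructed, unsigned SAML assertion; a real one is signed by the IdP
    and the server must verify that signature before trusting the subject."""
    a = ET.Element(f"{{{SAML}}}Assertion")
    ET.SubElement(a, f"{{{SAML}}}Issuer").text = issuer
    subj = ET.SubElement(a, f"{{{SAML}}}Subject")
    ET.SubElement(subj, f"{{{SAML}}}NameID").text = name_id
    return a


def resolve_key(request_xml):
    """Server side: which private key does the request designate?"""
    req = ET.fromstring(request_xml)
    subj = req.find(f".//{{{DSS}}}KeySelector/{{{DS}}}KeyInfo/"
                    f"{{{DS}}}X509Data/{{{DS}}}X509SubjectName")
    if subj is not None:
        return subj.text
    assertion = req.find(f".//{{{DSS}}}ClaimedIdentity/{{{SAML}}}Assertion")
    if assertion is not None:
        if assertion.findtext(f"{{{SAML}}}Issuer") not in TRUSTED_SAML_ISSUERS:
            raise PermissionError("assertion from untrusted issuer")
        name_id = assertion.findtext(f"{{{SAML}}}Subject/{{{SAML}}}NameID")
        return IDENTITY_TO_KEY.get(name_id)
    return None


def sign_on_server(request_xml, requester):
    """Server side: resolve the key, check the requester may use it, sign.
    Returns (key_subject, signature_hex)."""
    subject = resolve_key(request_xml)
    if subject is None or subject not in KEY_STORE:
        raise LookupError("request designates no key this server holds")
    if subject not in AUTHORIZED.get(requester, set()):
        raise PermissionError(f"{requester} may not use key {subject}")
    doc = ET.fromstring(request_xml).findtext(f".//{{{DSS}}}Document") or ""
    # HMAC-SHA256 stands in for the XML-DSig signature a real server produces.
    sig = hmac.new(KEY_STORE[subject], doc.encode(), hashlib.sha256).hexdigest()
    return subject, sig


def can_sign(request_xml, requester):
    """True if the server would sign this request for this requester."""
    try:
        sign_on_server(request_xml, requester)
        return True
    except (LookupError, PermissionError):
        return False


if __name__ == "__main__":
    r = build_sign_request("hello", key_subject="CN=alice,O=Example")
    print(sign_on_server(r, "alice@example.org"))
```

Both paths end in the same server-side lookup, which is the point of the design the message describes: the client's ds:KeyInfo is a reference, not key material, and the SAML assertion is only a claim that the server maps to a key after it has verified the issuer. The authorization check before signing is the practitioner's caveat: a server that honours any KeySelector from any caller would let one client sign with another's key.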