Subject: Re: [dss] Re: OASIS Digital Signature Services TC announcement

Trevor,

I agree with you, and I think that also Peter agrees with you, according to one mail that he has sent to me. I have advised him to use the public comments list to address these issues.

Juan Carlos.

This is his text:

>The question is not who the server gets access based on some
>reference, but how does the client and maybe an enduser selects
>among several keys, or claimedIdentities,
>
>in the mapping from user to claimedidentity to key to there is
>at least (or exactly one) n-1 mapping, for example.
>
>user has n identities.
>each identity, well here, one could say, has one active certificate for signing,
>a certificate then references one key.
>
>I guess a small profile from SAML can be used to list all the
>claimedIdentities available to a user.
>
>I have a student here who is currently doing an SRP-TLS inside
>openssl as the last part of a PKCS11 implementation that
>uses a remote usage of keys, etc. Currently it is a small
>protocol based simply on asn1 (since this is easy with openssl.)
>
>I think I know what to do for the next student :-)

-------------------------------

At 14:42 08/07/2004 -0700, Trevor Perrin wrote:
>
>>At 16:47 08/07/2004 +0200, Peter Sylvester wrote:
>> >hello,
>> >
>> >I have a question about this text. I may have overlooked
>> >it. How would a client detect which keys it can use to
>> >sign?
>
>Hi Peter, Juan Carlos -
>
>If I understand the question: DSS doesn't specify a way for the client to
>"query" a DSS server, and figure out which certificates/keys the server is
>capable of signing with.
>
>We assume the client can either find these out through some other means, or
>else trusts the server to select the key/certificate.
>
>Trevor
>