[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss] Groups - Signature Gateway Profile wd03 (oasis-dss-1[1].0-profiles-siggty-spec-wd-03.doc) uploaded
Hi Glenn, a few comments: 1: "transforms both credential logistics, and the cryptographic technology" - remove the comma, maybe define "credential logistics". 2.3: we've been leaning toward saying the document *is* a profile, instead of that it contains profiles. 2.4: this should name the type of signature object(s) supported (i.e. XML-DSIG). 2.5 / 2.6: "permits all transport/security bindings": permits isn't clear. Is this the equivalent of a normative MUST, SHOULD, or MAY? If you want this to be a concrete profile, you should assign MUSTs to some set of bindings, to ensure interop. If you don't want to constrain bindings, then you should call this an abstract profile. 4.1.1: "The Signature Gateway Profile MAY support any optional input defined in [DSSCore]". Does this requirement apply to clients or servers? 4.1.1.1 and 4.1.1.2: The <SignatureType> and <KeySelector> options normally only appear in Sign requests, not Verify requests. If it turns out all the optional inputs you want pertain to the Signing and not Verifying, you should consider basing your profile on the SignRequest protocol instead. Do you want to specify a MUST signature type for servers to support? If not, this is definitely an abstract profile. 4.1.1.3: SignatureObject is not an optional input; it's an essential part of a VerifyRequest. 4.1.1.4: agreed we need something better here, though changing the core isn't my 1st choice. First, <VerifyManifests> already exists, so do you need to define your own version? As far as what the signature covers, why not just have it cover the entire input signature and be done with it? The only remaining choices are to insert timestamps or CRL, but that's not too many options to enumerate. 5: typo? Trevor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]