OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

dss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [dss] RE: Question on Verifying result codes

Dear all,

My view is that we are dealing with two different issues that require
two different codes:

1. A signature-timestamp is verified OK but there are certain input 
documents
that are not covered by it. This is the code ValidSignature_NotAllDocuments.

2. A signature has a ds:Reference with a full URI and the corresponding
document is not present in the request.... The code should be different:
if the server does not gain access to the document, it is impossible to
verify the signature.... so I propose a code in the line of:

urn:oasis:names:tc:dss:1.0:resultminor:RerencedDocumentNotPresent

Reference to the error code in section 4.3 should change to this one.
Text in section 4.4 should be added; something like:

A ds:Reference element is present in the ds:Signature containing a full 
URI, but
the corresponding input document is not present in the request.

Regards
Juan Carlos.
Nick Pope wrote:

>A comment which I think has yet to be answered.
>
>Stefan - can you please record in comments tracking.
>
>Nick
>
>  
>
>>-----Original Message-----
>>From: scabre@ac.upc.edu [mailto:scabre@ac.upc.edu]
>>Sent: 16 June 2005 14:49
>>To: dss-comment@lists.oasis-open.org; Andreas Kuehne; Edward Shallow;
>>Konrad Lanz; Nick Pope; Tommy Lindberg
>>Cc: cruellas@ac.upc.edu
>>Subject: Question on Verifying result codes
>>
>>
>>Hi,
>>
>>Reading DSS Core draft we found a problem when describing result codes:
>>
>>In section 4.4, the result code ValidSignature_NotAllDocuments is
>>described as "The signature or timestamp is valid. However, the
>>signature or timestampt does not cover all of the input documents that
>>were passed in by the client". This means that this code should be
>>returned if client sends, for instance, two input documents and the
>>given signature only covers one of them.
>>However, in section 4.3, while describing the process to verify XML
>>signatures, the last paragraph of step 1 says that
>>ValidSignature_NotAllDocuments should be returned if there is a
>>ds:Reference using a full URI and the corresponding input document is
>>not present.
>>
>>I think that these are two diferent situations, so maybe should be
>>noticed to the client using two diferent result codes.
>>
>>Regards,
>>
>>Juan Carlos and Sergi
>>
>>
>>
>>    
>>
>
>
>---------------------------------------------------------------------
>To unsubscribe from this mail list, you must leave the OASIS TC that
>generates this mail.  You may a link to this group and all your TCs in OASIS
>at:
>https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 
>
>  
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]