[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss] RE: Question on Verifying result codes
Dear all, My view is that we are dealing with two different issues that require two different codes: 1. A signature-timestamp is verified OK but there are certain input documents that are not covered by it. This is the code ValidSignature_NotAllDocuments. 2. A signature has a ds:Reference with a full URI and the corresponding document is not present in the request.... The code should be different: if the server does not gain access to the document, it is impossible to verify the signature.... so I propose a code in the line of: urn:oasis:names:tc:dss:1.0:resultminor:RerencedDocumentNotPresent Reference to the error code in section 4.3 should change to this one. Text in section 4.4 should be added; something like: A ds:Reference element is present in the ds:Signature containing a full URI, but the corresponding input document is not present in the request. Regards Juan Carlos. Nick Pope wrote: >A comment which I think has yet to be answered. > >Stefan - can you please record in comments tracking. > >Nick > > > >>-----Original Message----- >>From: scabre@ac.upc.edu [mailto:scabre@ac.upc.edu] >>Sent: 16 June 2005 14:49 >>To: dss-comment@lists.oasis-open.org; Andreas Kuehne; Edward Shallow; >>Konrad Lanz; Nick Pope; Tommy Lindberg >>Cc: cruellas@ac.upc.edu >>Subject: Question on Verifying result codes >> >> >>Hi, >> >>Reading DSS Core draft we found a problem when describing result codes: >> >>In section 4.4, the result code ValidSignature_NotAllDocuments is >>described as "The signature or timestamp is valid. However, the >>signature or timestampt does not cover all of the input documents that >>were passed in by the client". This means that this code should be >>returned if client sends, for instance, two input documents and the >>given signature only covers one of them. >>However, in section 4.3, while describing the process to verify XML >>signatures, the last paragraph of step 1 says that >>ValidSignature_NotAllDocuments should be returned if there is a >>ds:Reference using a full URI and the corresponding input document is >>not present. >> >>I think that these are two diferent situations, so maybe should be >>noticed to the client using two diferent result codes. >> >>Regards, >> >>Juan Carlos and Sergi >> >> >> >> >> > > >--------------------------------------------------------------------- >To unsubscribe from this mail list, you must leave the OASIS TC that >generates this mail. You may a link to this group and all your TCs in OASIS >at: >https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]