[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [security-services-comment] Specifying Issuer (vs. Subject)
Hi, I'm not a member in the WG so let me see if this comment
list is actually active. Here is a comment/question regarding
draft-sstc-core-25, version of I noticed that there is a strong a-symmetry between the
encoding of Issuer vs. Subject information. The Subject information is well
specified in SubjectStatement element (with subelements for name and
confirmation, e.g. key). But it seems to me that Issuer should be specified
only by name, as a mandatory attribute of <Assertion> element. Am I
right? Why is this? I can explain why there may be situations where we may want
more or different ways to identify the issuer (in particular, to identify the
method to confirm the issuer, e.g. public key, can be very important). Regards,
Amir
Herzberg See http://amir.beesites.co.il/book.html
for lectures and
draft-chapters from book-in-progress, `secure communication and commerce using
cryptography`; feedback welcome! |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC