OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Additional certficate information

As a follow up to my comments during the last days and this morning.

Line 424 of the browser-sso-draft says:

'Other certificate information MAY be included in additional child 
elements of the <ds:X509Data>

The restrictions of holder-of-key concerning the choice that can be 
selected in
the X509DataType doesn't  seem to prohibit to add arbitrary elements of 
the <any> choice.

If my reading is correct, one can include for example the XER encoding of a
certificate at that place simplifying the parsing of the certificate.
Or a sequence of saml attributs

Line 447ff permit to use other information from the certificate for 
whatever other purpose.
This can obviously by decoding the certificate, but IMO it is not 
prohibited to
have additional elements in the X509Data prepared by the ID provider.

What is the reason for  disallowing  X509CRL ? (Not that I want them).

TIA for any additional response.

S/MIME Cryptographic Signature

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]