Subject: Re: [security-services-comment] Additional certficate information


Peter, when you refer to a draft, please specify the draft number (or
the document id) and the document type (PDF or whatever).  There are
many drafts of the HoK Web Browser SSO Profile.

Thanks in advance for your comments,
Tom

On Fri, Nov 21, 2008 at 8:58 AM, Peter Sylvester
<Peter.Sylvester@edelweb.fr> wrote:
> As a follow up to my comments during the last days and this morning.
>
> 1:
> Line 424 of the browser-sso-draft says:
>
> 'Other certificate information MAY be included in additional child elements
> of the <ds:X509Data>
>
> The restrictions of holder-of-key concerning the choice that can be selected
> in the X509DataType don't seem to prohibit adding arbitrary elements of the
> <any> choice.
>
> If my reading is correct, one can include for example the XER encoding of a
> certificate at that place simplifying the parsing of the certificate.
> Or a sequence of SAML attributes.
>
> 2:
> Lines 447ff permit the use of other information from the certificate for
> whatever other purpose.
> This can obviously be done by decoding the certificate, but IMO it is not
> prohibited to have additional elements in the X509Data prepared by the ID
> provider.
>
> 3:
> What is the reason for disallowing X509CRL? (Not that I want them).
>
>
> TIA for any additional response.
> Peter