OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [security-services] [Fwd: [security-services-comment] SpecifyingIssuer (vs. Subject)]

We've received a comment on the security-services-comment list from Amir

[security-services-comment] Specifying Issuer (vs. Subject) 




Hi, I'm not a member in the WG so let me see if this comment list is actually active. Here is a comment/question regarding draft-sstc-core-25, version of Jan. 10th 2002.


I noticed that there is a strong a-symmetry between the encoding of Issuer vs. Subject information. The Subject information is well specified in SubjectStatement element (with subelements for name and confirmation, e.g. key). But it seems to me that Issuer should be specified only by name, as a mandatory attribute of <Assertion> element. Am I right? Why is this? I can explain why there may be situations where we may want more or different ways to identify the issuer (in particular, to identify the method to confirm the issuer, e.g. public key, can be very important).




Amir Herzberg

See http://amir.beesites.co.il/book.html  for lectures and draft-chapters from book-in-progress, `secure communication and commerce using cryptography`; feedback welcome!


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC