[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [wss] Proof-of-Possession
> > It may be prudent for us to remove the POP term from our specs. > For example in response to comment 2, we could rewrite the cited > paragraph to the following: > > Signatures are also used by message senders to demonstrate knowledge > of the key claimed in a > security token and thus to authenticate or bind their identity (and > any other claims occurring in the 247 > security token) to the messages they create. A signature created by a > message sender to 248 > demonstrate knowledge of an authentication key serves to authenticate > the signed message content. Sorry, I forgot that there is at least one other terminology change that is likely called for in the cited para. That is, it is not really appropriate to use the word "authenticate" on the evidence provider side, as authentication is verification done by the relying party/receiver. Signatures are also used by message senders to demonstrate knowledge of the key claimed in a security token and thus to bind their identity (and any other claims occurring in the 247 security token) to the messages they create. A signature created by a message sender to 248 demonstrate knowledge of an authentication key serves to establish the sender as the source of the signed content. I realize that "the source the signed content" may be controversial. I qualified the what the message sender/signer was a source of realizing that the content itself may have originally been from another source, or occur as signed content in other signatures. Ron > > > Ron
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC