Subject: Re: [wss] Questions regarding X.509 Certificate Token Profile
Kefeng -

The text could be slightly more clear with respect to the comment about KeyInfo identifying a signing key. I think the intended meaning is "The KeyInfo element indirectly identifies the signing key or the signer." It is important for the Key Info element to identify a particular signing key because it is the private signing key of the person who made the signature that is important.

As for your second question, the exact packaging of the certificate is governed by three choices at this point:

1. The raw X.509 DER encoded certificate,
2. The PKIPath construction, or
3. A PKCS#7 message that contains the signer's certificate among possibly other certificates.

I still think that these types apply as we are still referencing a <BinarySecurityToken> in section 3.2.2.

These are my observations. Others can chime in as well.

Blake Dournaee
Senior Architect
Sarvega, Inc.

Kefeng Chen wrote:

>I have some questions regarding the WSS X.509 Certificate Token Profile
>spec.
>
>1. At line 245 and 292, it states "The KeyInfo element specifies the signing
>key...".
>   As I understand, the actual specified key is not a signing key. It is a
>public key
>   or verification key.
>
>2. At line 212, it states "contains the binary X.509 security token data".
>It is not clear to me
>   the binary X.509 refers to DER encoded binary or PKCS#7 binary format.
>
>Kefeng Chen