[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [dss] Use case: which signature?
A multi-party agreement may have multiple signatures associated with the document, detached or enveloped. (Some may want to add enveloping, but I won't.) A client should be able to send a verification request to the service and specify which signature(s) it wants verified. > 2.3.2 Signed Data: Reference or direct provision > > Data items to be signed/validated should be either provided > to the service as a reference (URI), or directly as part of > the request. The latter is important for situations where > the data to be signed cannot be located by resolving a URI. In some (many? :) cases, a DSS service will not be willing to retrieve data from arbitrary URL's on behalf of a client. In this case, the client must be able to "push" the data, along with an indicator of the URL of the data. Extending on this, a DSS service might be asked to verify a signature where it does not have the privileges to read the source document. A "just trust the References" mode would allow such a service to operate. /r$
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC