[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: Passing URLs
At 09:12 AM 10/23/2003 +0200, Andreas Kuehne wrote: >Content-Transfer-Encoding: 7bit > >Hi Trevor ! > > > I asked Gregor for some elaboration on the requirement that the client can > > send URIs of to-be-signed data to the server. > > > > His response is informative - > >Yes, I see ! No one wants to loose features available to XMLDSIG. And I >understand the shortcommings of moving data redundantly. > >But acting on his own behalf the DSS server may not have the rights to >access a given URL. So we probably need a 'claimed role' structure in the >request. We have a <ClaimedIdentity> element as an Option. It's a string, to contain "The identity or role asserted by the client. " (at least that's what the requirements doc says). > And a matching 'CodeErrorType' if the access to the document fails. > >Much more common to me is a DSS server that has very limited access to the >outside world. > I would like to have a bit in the signature profile saying 'document > required to be within the request'. So the requestor didn't even thinks > about just passing a URL. That makes sense. Or we could go further and remove <DocumentURI> entirely. Trevor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]