[Specs-cx] Binding X.509 subject to /Contract/Party/@id
David García
david.garcia at tractis.com
Tue Apr 20 08:34:16 UTC 2010
Hi Nara,
In my opinion maybe the best option is signing XRD.
This way you will have a proof of possession of the certificate by the party
offering XRD prior to starting contract exchange.
I've been checking XRD
signature <http://www.oasis-open.org/committees/download.php/36030/xrd-trust-basic-x509-1.0-wd01.html> and
they're quite aligned with some questions we discussed before, like
restrictions over signing certificate's key usage. Furthermore, they define
the signature validation process in some detail.
Best regards!
Dave
2010/4/20 nara hideki <hdknr at ic-tact.co.jp>
> Hi, experts.
>
> I think that there should be rules for binding X.509 subject used to
> sign a contract to /Contract/Party/@id.
>
> Two ways came to my mind :
>
> 1. XRD/XRDS discovered for /Contract/Party/@id MUST be signed with
> same certificate used to sign contracts.
> 2. X.509 should have a property for the Party/@id.
>
> There could be more or better ones.
>
> Any idea welcome.
>
> Thanks.
> ---
> hdknr
> _______________________________________________
> Specs-cx mailing list
> Specs-cx at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-cx
>
--
David Garcia
CTO
Tractis - Online contracts you can enforce
http://www.tractis.com
--
Email: david.garcia at tractis.com
Skype: deiffbcn
Blog: http://blog.negonation.com
Linkedin: http://www.linkedin.com/in/davebcn