[Specs-cx] Binding X.509 subject to /Contract/Party/@id
nara hideki
hdknr at ic-tact.co.jp
Thu Apr 22 05:15:21 UTC 2010
Thank you again David.
I should look at the XRD signature.
Thanks!
---
hdknr
2010/4/20 David García <david.garcia at tractis.com>:
> Hi Nara,
>
> in my opinion maybe the best option is signing XRD.
>
> This way you will have a proof of possession of the certificate by the party
> offering XRD prior of starting contract exchange.
>
> I've been cheking XRD signature and they're quite aligned with some
> questions we discussed before, like restrictions over signing certificate's
> key usage. Furthermore they define with some detail signature validation
> process.
>
> Best regards!
>
> Dave
>
> 2010/4/20 nara hideki <hdknr at ic-tact.co.jp>
>>
>> Hi, experts.
>>
>> I think that there should be rules for binding X.509 subject used to
>> sign a contract to /Contract/Party/@id.
>>
>> Two ways came to my mind :
>>
>> 1. XRD/XRDS discovered for /Contract/Party/@id MUST be signed with
>> same certificate used to sign contracts.
>> 2. X.509 should be has a property for the Party/@id.
>>
>> There could be more or better ones.
>>
>> Any idea welcome.
>>
>> Thanks.
>> ---
>> hdknr
>> _______________________________________________
>> Specs-cx mailing list
>> Specs-cx at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-cx
>
>
>
> --
> David Garcia
> CTO
> Tractis - Online contracts you can enforce
> http://www.tractis.com
> --
> Email: david.garcia at tractis.com
> Skype: deiffbcn
> Blog: http://blog.negonation.com
> Linkedin: http://www.linkedin.com/in/davebcn
>
>
>
More information about the Specs-cx
mailing list