Hi Nara,<br><br>we can define certificate requirements whenever you want :) . <br><br>We can also check how qcStatement from <a href="http://www.ietf.org/rfc/rfc3739.txt">http://www.ietf.org/rfc/rfc3739.txt</a> on qualified certificates can help us on determining Contract <tt class="docutils literal"><span class="pre">Price </span></tt>. This extension is widely used and defines the monetary boundary where those types certificates could be used) .<br>
<br>Maybe we could create a topic about the certificates used by parties to sign contracts. I'll be very pleased If I could help.<br><br>Best regards<br><br>Dave<br><br><div class="gmail_quote">2010/4/16 nara hideki <span dir="ltr"><<a href="mailto:hdknr@ic-tact.co.jp">hdknr@ic-tact.co.jp</a>></span><br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hello, David,<br>
<br>
Thank you very much for your right information.<br>
We should describe this kind of verification for certificate and keys<br>
in some way in the spec.<br>
<br>
Thank you.<br>
----<br>
hdknr<br>
<br>
2010/4/15 David García <<a href="mailto:david.garcia@tractis.com">david.garcia@tractis.com</a>>:<br>
<div><div></div><div class="h5">> Hi Nara,<br>
><br>
> when signing a contract maybe it would be good to check the keyusage<br>
> extension from the signing certificate in order to know is issuer determined<br>
> that this certificate could be used on digital signature procedures.<br>
><br>
> In this context maybe an certificate used to create SSL channels may not<br>
> include those usages. Using those certificates with wrong key usage on<br>
> agreements could not be semantically correct regarding to the definition of<br>
> this extension.<br>
><br>
> Best regards<br>
><br>
> Dave<br>
><br>
><br>
><br>
> 2010/4/15 nara hideki <<a href="mailto:hdknr@ic-tact.co.jp">hdknr@ic-tact.co.jp</a>><br>
>><br>
>> Hi,all<br>
>><br>
>> I think we should define the meaning of /Contract/Party/URL element<br>
>> more precisely.<br>
>><br>
>> 1. for OP<br>
>><br>
>> This may be easy to define. If someone discovery this URL, the OP<br>
>> should return a XRDS/XDS<br>
>> which include the CX service endpoint used for this Contract as far as<br>
>> the contract is<br>
>> effective and in the term of validity.<br>
>><br>
>> The certificate used for HTTPS connection seems to be equal to the one<br>
>> used for singing<br>
>> the Contract XML.<br>
>><br>
>> 2. for RP<br>
>><br>
>> The RP also should return the XRDS/XRD describe himself.<br>
>> The certificate used for HTTPS connection also seems to be equal to<br>
>> the one used for singing<br>
>> the Contract(Proposal) XML.<br>
>><br>
>> 3. for End User(s)<br>
>><br>
>> I think this is URL(XRI) of the End User who accepted the contract. So<br>
>> this should be the<br>
>> OP local identifier which could be a PPID ( pairwise pseudo identifier).<br>
>> This should return the XRDS/XRD describing the End User.<br>
>> If he is the signer, the public key should be while-listed or<br>
>> registered at the proposing party.<br>
>><br>
>> Any suggestions please.<br>
>> ----<br>
>> hdknr<br>
>> _______________________________________________<br>
>> Specs-cx mailing list<br>
>> <a href="mailto:Specs-cx@lists.openid.net">Specs-cx@lists.openid.net</a><br>
>> <a href="http://lists.openid.net/mailman/listinfo/openid-specs-cx" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-cx</a><br>
><br>
><br>
><br>
> --<br>
> David Garcia<br>
> CTO<br>
> Tractis - Online contracts you can enforce<br>
> <a href="http://www.tractis.com" target="_blank">http://www.tractis.com</a><br>
> --<br>
> Email: <a href="mailto:david.garcia@tractis.com">david.garcia@tractis.com</a><br>
> Skype: deiffbcn<br>
> Blog: <a href="http://blog.negonation.com" target="_blank">http://blog.negonation.com</a><br>
> Linkedin: <a href="http://www.linkedin.com/in/davebcn" target="_blank">http://www.linkedin.com/in/davebcn</a><br>
><br>
><br>
><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>David Garcia<br>CTO<br>Tractis - Online contracts you can enforce<br><a href="http://www.tractis.com">http://www.tractis.com</a><br>--<br>Email: <a href="mailto:david.garcia@tractis.com">david.garcia@tractis.com</a><br>
Skype: deiffbcn<br>Blog: <a href="http://blog.negonation.com">http://blog.negonation.com</a><br>Linkedin: <a href="http://www.linkedin.com/in/davebcn">http://www.linkedin.com/in/davebcn</a><br><br><br>