W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 2000

Where would the appropriate place to identify a "Role" of a x509d ata subject?

From: Lynn Sites <Lynn_Sites@Equinta.com>
Date: Sat, 8 Jul 2000 15:18:33 -0400 (EDT)
Message-ID: <5FE9651F29EED311A8F4009027736360304929@EQ_2>
To: "'w3c-ietf-xmldsig@w3.org'" <w3c-ietf-xmldsig@w3.org>
Gentlemen:
I am developing a real estate transaction application and need to declare a
role of a specific signatory to a document, such as Buyer1, Buyer2,
BuyersAgent, SellersAgent,...  I am wondering where we would declare that,
as an attribute of the x509Data element , such as a  X509SubjectRole
element, which would contain an X.509 subject distinguished name role or is
there another more appropriate location ?

We will be having structured xml documents which will have specific
locations enunciated to sign for the various  parties of the transaction.

Any help in the matter would be appreciated


Lynn Sites
Chief Technologist
Lynn_Sites@Equinta.com
1-858-713-1966



4.4.4 The X509Data Element
An X509Data element within KeyInfo contains one or more identifiers of
keys/X509 certificates that may be useful for validation. Five types of
X509Data pointers are defined:
	The X509IssuerSerial element, which contains an X.509 issuer
distinguished name/serial number pair, 
	The X509SubjectName element, which contains an X.509 subject
distinguished name, 
	The X509SKI element, which contains an X.509 subject key identifier
value. 
	The X509Certificate element, which contains a Base64-encoded X.509v3
certificate, and 
	The X509CRL element, which contains a Base64-encoded X.509v2
certificate revocation list (CRL). 
Multiple declarations about a single certificate (e.g., a X509SubjectName
and X509IssuerSerial element) MUST be grouped inside a single X509Data
element; multiple declarations about the same key but different certificates
(related to that single key) MUST be grouped within a single KeyInfo element
but multiple X509Data elements. For example, the following block contains
two pointers to certificate-A (issuer/serial number & SKI) and a single
reference to certificate-B (Subject Name):
Received on Monday, 10 July 2000 09:45:47 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:10 GMT