- From: Lynn Sites <Lynn_Sites@Equinta.com>
- Date: Sat, 8 Jul 2000 15:18:33 -0400 (EDT)
- To: "'w3c-ietf-xmldsig@w3.org'" <w3c-ietf-xmldsig@w3.org>
Gentlemen: I am developing a real estate transaction application and need to declare a role of a specific signatory to a document, such as Buyer1, Buyer2, BuyersAgent, SellersAgent,... I am wondering where we would declare that, as an attribute of the x509Data element , such as a X509SubjectRole element, which would contain an X.509 subject distinguished name role or is there another more appropriate location ? We will be having structured xml documents which will have specific locations enunciated to sign for the various parties of the transaction. Any help in the matter would be appreciated Lynn Sites Chief Technologist Lynn_Sites@Equinta.com 1-858-713-1966 4.4.4 The X509Data Element An X509Data element within KeyInfo contains one or more identifiers of keys/X509 certificates that may be useful for validation. Five types of X509Data pointers are defined: The X509IssuerSerial element, which contains an X.509 issuer distinguished name/serial number pair, The X509SubjectName element, which contains an X.509 subject distinguished name, The X509SKI element, which contains an X.509 subject key identifier value. The X509Certificate element, which contains a Base64-encoded X.509v3 certificate, and The X509CRL element, which contains a Base64-encoded X.509v2 certificate revocation list (CRL). Multiple declarations about a single certificate (e.g., a X509SubjectName and X509IssuerSerial element) MUST be grouped inside a single X509Data element; multiple declarations about the same key but different certificates (related to that single key) MUST be grouped within a single KeyInfo element but multiple X509Data elements. For example, the following block contains two pointers to certificate-A (issuer/serial number & SKI) and a single reference to certificate-B (Subject Name):
Received on Monday, 10 July 2000 09:45:47 UTC