- From: <tgindin@us.ibm.com>
- Date: Mon, 10 Jul 2000 16:50:34 -0400
- To: Ken Goldman <kgold@watson.ibm.com>
- cc: Lynn_Sites@Equinta.com, w3c-ietf-xmldsig@w3.org
I don't see any place to put Attribute Certificates into X509Data (or anywhere else in KeyInfo). That is the natural way to put in an authenticated role, I think.

Tom Gindin

Ken Goldman <kgold@watson.ibm.com>@w3.org on 07/10/2000 10:13:49 AM
Sent by: w3c-ietf-xmldsig-request@w3.org
To: Lynn_Sites@Equinta.com
cc: w3c-ietf-xmldsig@w3.org
Subject: Re: Where would the appropriate place to identify a "Role" of a x509data subject?

> From: Lynn Sites <Lynn_Sites@Equinta.com>
> Old-Date: Sat, 8 Jul 2000 12:17:01 -0700
>
> I am developing a real estate transaction application and need to declare a
> role of a specific signatory to a document, such as Buyer1, Buyer2,
> BuyersAgent, SellersAgent,... I am wondering where we would declare that,
> as an attribute of the x509Data element, such as a X509SubjectRole
> element, which would contain an X.509 subject distinguished name role, or is
> there another more appropriate location?
>
> We will be having structured xml documents which will have specific
> locations enunciated to sign for the various parties of the transaction.

IMHO, the answer depends upon the higher level security model. Who assigns the role? Who assigns trust in the signer? What are the consequences of a forged role? Who is liable for the consequences?

The way I understand your proposal, you'd assign the role as a KeyInfo element.

Question for the list: Does the spec allow application defined attributes in KeyInfo? I don't think so. Am I missing something?

Anyway, why attach something to the certificate element which presumably has nothing to do with the certificate? It might be better to create a wholly separate signed SignerRole element outside the signature block, with the signer's role, name, address, etc.

OTOH, if it does have something to do with the certificate (the role is being attested to by the certificate issuer), then it has to be in the certificate or in some other way signed by the issuer. Otherwise, the signer can forge the role.
-- Ken Goldman kgold@watson.ibm.com 914-784-7646
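As an added illustration of the design Ken describes (this fragment is not part of the thread and is not from any listed author): the role lives in a separate SignerRole element outside the Signature, the signer's own Reference covers it, and the certificate sits in X509Data where the spec expects it. The Contract namespace, the Id values and the digest, signature and certificate contents are placeholders; the algorithm URIs are the final XMLDSig/C14N identifiers, not the July 2000 draft ones.

```xml
<Contract xmlns="urn:example:realestate">            <!-- hypothetical namespace -->
  <!-- Self-asserted role, kept out of KeyInfo: it says nothing about the certificate. -->
  <SignerRole Id="buyer1-role">
    <Role>Buyer1</Role>
    <Name>PLACEHOLDER-NAME</Name>
    <Address>PLACEHOLDER-ADDRESS</Address>
  </SignerRole>

  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>

      <!-- Reference 1: binds the role claim to this signature. A verifier must check
           that this Reference is present; without it the role is unsigned and
           could be altered after signing. -->
      <Reference URI="#buyer1-role">
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>PLACEHOLDER-BASE64-DIGEST</DigestValue>
      </Reference>

      <!-- Reference 2: the contract text itself (enveloped signature). -->
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>PLACEHOLDER-BASE64-DIGEST</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>PLACEHOLDER-BASE64-SIGNATURE</SignatureValue>

    <!-- KeyInfo carries only key material. The role above is vouched for by the
         signer, not by the certificate issuer; an issuer-attested role would have
         to be inside this certificate (or an attribute certificate), as the thread says. -->
    <KeyInfo>
      <X509Data>
        <X509Certificate>PLACEHOLDER-BASE64-DER-CERTIFICATE</X509Certificate>
      </X509Data>
    </KeyInfo>
  </Signature>
</Contract>
```

Relying parties should treat the Role value as a claim made by whoever holds the private key for the certificate in X509Data, and decide separately, per the higher-level model Ken asks about, whether a self-asserted role is acceptable for that party.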
Received on Monday, 10 July 2000 16:50:49 UTC