The message Bob forwarded regarding new attributes is proposed new text for
the NIST OIW Implementation Agreements. This text would go into the Working
Agreements this month, and Stable Agreements in December, if adopted by the
Workshop. The OIW is used to register algorithms, attributes, and other
interesting security objects by ANSI X9F1, to avoid hassling with the ANSI
registration folks over object IDs, and also to publicize what is registered.

The signature purpose attribute is intended as an authenticated attribute
in a multiply-signed message, i.e. it is included in the signature computed
by an individual signer (concept shamelessly stolen from RSADSI's PKCS #7).
It indicates whether the signer intends to authorize, cosign, witness, etc.
the document, and is analogous to the "business purpose of assurance" field
in the latest X12.58 (EDI Security Structures) draft. I can also picture
the role name being used in this manner, so the individual signs a document
exercising a particular role for a particular purpose, all subject to any
restrictions imposed by the (notorious) X9F1 authorization certificates for
the user, role, etc. This is one of the mechanisms we are looking at in
X9F1 for the use of roles, along with the use of organizational role
signatures as formulated by Steve Kent.

I agree that it would be desirable to construct appropriate schema elements
(e.g. object class definitions) for roles and agents, and certainly the
IETF is a good place to do this. I would certainly be willing to work with
Peter and anyone else who is interested in doing this. I had visualized
this being an extra naming attribute for a variant of OrganizationalPerson,
e.g.:
C=US; O=ABC Co.; { CN=Joe Smith; RN=Purchasing Agent }.

Bearing in mind that X9F1 plans on using the attributes, I would propose
leaving the registration of those in the OIW text (if possible), and
registering everything else via MHS-DS. Another possibility would be to put
them in the Working Agreements without OIDs, and move them to the Stable
Agreements when OIDs are assigned by MHS-DS.

Regards,
Rich
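An added illustration of the "authenticated attribute" idea from the signature-purpose paragraph above, not code from Rich's message or from the OIW or PKCS #7 texts: each signer in a multiply-signed message signs a canonical encoding of its own attribute set (content digest plus stated purpose) rather than the bare content, so the purpose is bound to that signer's signature and signers stay independent of one another. The HMAC with a per-signer secret is an assumed stand-in for the public-key signature a real implementation would use, and the attribute names and JSON encoding are illustrative rather than registered.

```python
import hashlib
import hmac
import json

# Purposes named in the message; the set here is illustrative, not registered.
PURPOSES = {"authorize", "cosign", "witness"}

def authenticated_attrs(content: bytes, purpose: str) -> dict:
    """The attributes this signer's signature will cover: the content digest
    (as in PKCS #7) plus the signer's stated purpose."""
    if purpose not in PURPOSES:
        raise ValueError(f"unknown signature purpose: {purpose}")
    return {"messageDigest": hashlib.sha256(content).hexdigest(),
            "signaturePurpose": purpose}

def canonical(attrs: dict) -> bytes:
    """Deterministic encoding, standing in for the DER SET OF Attribute."""
    return json.dumps(attrs, sort_keys=True, separators=(",", ":")).encode()

def sign(content: bytes, purpose: str, signer: str, key: bytes) -> dict:
    """One SignerInfo-like record. The signature is computed over the
    authenticated attributes, not over the bare content. HMAC with a
    per-signer secret is an assumed stand-in for a public-key signature."""
    attrs = authenticated_attrs(content, purpose)
    sig = hmac.new(key, canonical(attrs), hashlib.sha256).hexdigest()
    return {"signer": signer, "authenticatedAttributes": attrs, "signature": sig}

def verify(content: bytes, info: dict, key: bytes) -> bool:
    """Recompute the digest and check that the signature covers the
    attributes as presented; a purpose altered after signing fails here."""
    attrs = info["authenticatedAttributes"]
    if attrs.get("messageDigest") != hashlib.sha256(content).hexdigest():
        return False
    expected = hmac.new(key, canonical(attrs), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, info["signature"])

def demo() -> tuple:
    """Two independent signers; then Ann's purpose is altered after signing."""
    content = b"Purchase order 1234: 500 widgets"   # constructed sample content
    keys = {"joe": b"key-joe", "ann": b"key-ann"}   # constructed per-signer keys
    infos = [sign(content, "authorize", "joe", keys["joe"]),
             sign(content, "witness", "ann", keys["ann"])]
    all_ok = all(verify(content, i, keys[i["signer"]]) for i in infos)
    forged = json.loads(json.dumps(infos[1]))       # deep copy of Ann's record
    forged["authenticatedAttributes"]["signaturePurpose"] = "authorize"
    # Expected: (True, False, True) -- Joe's signature is unaffected.
    return all_ok, verify(content, forged, keys["ann"]), verify(content, infos[0], keys["joe"])
```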