Comments on ignisvulpis: eCards and CardSpace

The Mad Scientist (2007-07-16T21:12:00.000+02:00):

Done!

link (http://pkithoughts.blogspot.com/2007/07/pki-hostage-mode.html)

Anonymous (2007-07-15T23:50:00.000+02:00):

Hi Anders, I don't want to go into this too much, because I want the topics of this blog to be related to CardSpace, OpenId, Liberty Alliance, SAML, WS-* ...
I see your point but to my knowledge people are allowed to have multiple cards, which they can use to sign documents in different roles.
If you want to go deeper into this, then I suggest you create a post in your blog (http://pkithoughts.blogspot.com/). -Axel

The Mad Scientist (2007-07-15T08:03:00.000+02:00):

The most "interesting" thing about German eCard standards is that in order for a server to send a signed message to another organization, the Germans use a human "hostage" as the official signer.

Fortunately, Scandinavian governments have rejected this method and use an organization-only signature which is like a secure letterhead. Who is actually behind the message may be stated in the message itself.

In Germany, a paper-invoice does not need a signature while an electronic ditto does. And it must of course be a hostage-signature otherwise it would not be compliant with German signature laws.

Is the hostage-signature more secure than the org (only)-signature maybe? I would say no because the process of certifying an employee (ID+association) does not scale well and leads to zillions of trust anchors (click "yes" to enable this CA). To cope with that you need another thing that does not work well, the "bridge CA" concept.