Trust Mark Issuers

Issue #2086 closed
Roland Hedberg created an issue

In the specification, this is stated about the Entity Statement claim trust_mark_issuers:

“If the value list bound to a Trust Mark identifier is empty, anyone can issue Trust Marks with that identifier.”

Then in Section 5.3 Trust Marks this text appears:

“The fact that a Trust Mark Issuer is accepted by the federation is expressed in the trust_marks_issuers claim of the Trust Anchor.”

Obviously if these are general statements they are contradictory.

Now, also in Section 5.3, we have this line:

“Note that a federation MAY allow an Entity to self-sign some Trust Marks.”

To get rid of the contradiction of the first two statements we could replace the first statement with:

“If the value list bound to a Trust Mark identifier is empty, then that Trust Mark identifier can only be used in self-signed trust marks and any entity within the Federation can issue a Trust Mark with that identifier.”

and rewrite the second statement to be something like:

“The fact that a Trust Mark Issuer is accepted by the federation, to issue Trust Marks that are not self-signed, is expressed in the trust_marks_issuers claim of the Trust Anchor.”
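
The two readings of an empty issuer list discussed in this issue, as an added example that is not part of the original issue or of the specification. The claim names `id`, `iss` and `sub`, the rejection of unlisted identifiers, and all URLs are assumptions made for illustration; signature verification is omitted.

```python
# Added illustration: issuer acceptance under the current and proposed wording.
# Assumed Trust Mark claims: id (identifier), iss (issuer), sub (subject).

def _lookup(mark, trust_mark_issuers):
    # Value list the Trust Anchor binds to this Trust Mark identifier, or None.
    return trust_mark_issuers.get(mark["id"])

def accepted_current(mark, trust_mark_issuers):
    """Current wording: an empty list means anyone can issue."""
    issuers = _lookup(mark, trust_mark_issuers)
    if issuers is None:
        return False  # assumption: unlisted identifiers are not accepted
    if not issuers:
        return True
    return mark["iss"] in issuers

def accepted_proposed(mark, trust_mark_issuers):
    """Proposed wording: an empty list means self-signed marks only."""
    issuers = _lookup(mark, trust_mark_issuers)
    if issuers is None:
        return False  # same assumption as above
    if not issuers:
        return mark["iss"] == mark["sub"]
    return mark["iss"] in issuers

def compare(marks, trust_mark_issuers):
    # One (current, proposed) verdict pair per mark, in input order.
    return [(accepted_current(m, trust_mark_issuers),
             accepted_proposed(m, trust_mark_issuers)) for m in marks]

# Constructed sample data (not from the specification).
TMI = {
    "https://example.org/tm/certified": ["https://issuer.example.org"],
    "https://example.org/tm/self-declared": [],
}
RP, OTHER = "https://rp.example.org", "https://other.example.org"
MARKS = [
    {"id": "https://example.org/tm/certified", "iss": "https://issuer.example.org", "sub": RP},
    {"id": "https://example.org/tm/certified", "iss": OTHER, "sub": RP},
    {"id": "https://example.org/tm/self-declared", "iss": RP, "sub": RP},
    {"id": "https://example.org/tm/self-declared", "iss": OTHER, "sub": RP},
    {"id": "https://example.org/tm/unlisted", "iss": RP, "sub": RP},
]

if __name__ == "__main__":
    for mark, verdict in zip(MARKS, compare(MARKS, TMI)):
        print(mark["id"], mark["iss"], verdict)
```

The only case where the two readings differ is the fourth mark: a third party issuing under an identifier whose list is empty.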
