ISSUE-237: Augmented Assurance Certificate Elements [wsc-xit] from Web Security Context Working Group Issue Tracker on 2010-02-22 (public-wsc-wg@w3.org from February 2010)

From: Web Security Context Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Mon, 22 Feb 2010 23:07:42 +0000 (GMT)
To: public-wsc-wg@w3.org
Message-Id: <20100222230742.AAAE47F46F@otto.w3.org>

ISSUE-237: Augmented Assurance Certificate Elements [wsc-xit]

http://www.w3.org/2006/WSC/track/issues/237

Raised by: Thomas Roessler
On product: wsc-xit

During CR, it was observed that:
- implementations commonly display O and CN
- if O is not present, extended validation certificates are still recognized (against conformance claim III), and CN is displayed

Proposed:

- to augment the conformance claim by a statement that identifies "What broadly accepted practices are considered sufficient for a trust anchor to be deemed augmented assurance qualified (see 5.1.2 Augmented Assurance Certificates), and what data elements are deemed assured by those certificates."
- to change conformance claims II and III into the following:
"To derive a human-readable subject name from an augmented assurance certificate, user agents SHOULD use the Subject field's Organization (O) and Country (CN) attributes. They MUST use information that is subject to the certificate authority's additional assurances, as documented in the user agent's conformance statement." (#II and #IIa in the latest editor's draft)

Received on Monday, 22 February 2010 23:07:44 UTC