sbahloul
commented
8 years ago I propose to manage this issue through two actions :
- transaction context = non repudiation message
- move the security elements from 4.1.2 to a new section 4.1.6 Security considerations
in the following text : "To avoid context swapping, it is mandatory that the non-repudiation message contains specific data for the requested transaction with the requesting party, the purpose of the transaction and the date of the operation."
It is not clear for a non-expert what is the 'non-repudiation message'. How do you correlate that with the API proposal ? --> I would prefer that you first expose the API, then detail the parameters/notions and after give rationale or refinements of it.