W3C home > Mailing lists > Public > public-xmlsec@w3.org > July 2008

Re: Some strawman ideas concerning <ds:Transforms>

From: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>
Date: Wed, 23 Jul 2008 16:37:01 +0200
Message-ID: <4887420D.7070102@iaik.tugraz.at>
To: Pratik Datta <pratik.datta@oracle.com>
CC: Sean Mullan <Sean.Mullan@sun.com>, public-xmlsec@w3.org
Hi,

Pratik Datta wrote:
> I would like to see if we can achieve this streaming hint with forward 
> compatibility.
>   
+1 to at least trying to achieve that.
> By that I mean, we put in the hint in such a place that older implementations 
> can still verify such a signature by ignoring the hint, whereas newer 
> implementations can take advantage of this hint and do streaming.
>   
Quick Proposal:

        <ds:Reference URI="">
            <?ds:Reference dereference as event stream allowed,
constrained transforms enforced, legacy equivalent processing and
compatible results are hereby stipulated ?>
            <ds:Transforms>
              ...
            </ds:Transforms>
            <ds:DigestMethod Algorithm="..."/>
            <ds:DigestValue>...</ds:DigestValue>
        </ds:Reference>

If  the hints / preconditions are not fulfilled by the ds:Transforms,
throw an error.
> [...] how about adding it as a new attribute to an existing transform?  
> Implementations will probably ignore unknown attributes. Or maybe add a new 
> transformation parameter?
>   
I doubt that extension points will be ignored by applications in
general, hence my preference for a processing-instruction.

Konrad

-- 
Konrad Lanz, IAIK/SIC - Graz University of Technology
Inffeldgasse 16a, 8010 Graz, Austria
Tel: +43 316 873 5547
Fax: +43 316 873 5520
https://www.iaik.tugraz.at/aboutus/people/lanz
http://jce.iaik.tugraz.at

Certificate chain (including the EuroPKI root certificate):
https://europki.iaik.at/ca/europki-at/cert_download.htm



Received on Wednesday, 23 July 2008 14:38:18 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:54 GMT