- From: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>
- Date: Wed, 23 Jul 2008 16:37:01 +0200
- To: Pratik Datta <pratik.datta@oracle.com>
- CC: Sean Mullan <Sean.Mullan@sun.com>, public-xmlsec@w3.org
- Message-ID: <4887420D.7070102@iaik.tugraz.at>
Hi,
Pratik Datta wrote:
> I would like to see if we can achieve this streaming hint with forward
> compatibility.
>
+1 to at least trying to achieve that.
> By that I mean, we put in the hint in such a place that older implementations
> can still verify such a signature by ignoring the hint, whereas newer
> implementations can take advantage of this hint and do streaming.
>
Quick Proposal:
    <ds:Reference URI="">
        <?ds:Reference dereference as event stream allowed,
            constrained transforms enforced, legacy equivalent processing and
            compatible results are hereby stipulated ?>
        <ds:Transforms>
            ...
        </ds:Transforms>
        <ds:DigestMethod Algorithm="..."/>
        <ds:DigestValue>...</ds:DigestValue>
    </ds:Reference>
If the hints / preconditions are not fulfilled by the ds:Transforms,
throw an error.
> [...] how about adding it as a new attribute to an existing transform?
> Implementations will probably ignore unknown attributes. Or maybe add a new
> transformation parameter?
>
I doubt that extension points will be ignored by applications in
general, hence my preference for a processing-instruction.
Konrad
--
Konrad Lanz, IAIK/SIC - Graz University of Technology
Inffeldgasse 16a, 8010 Graz, Austria
Tel: +43 316 873 5547
Fax: +43 316 873 5520
https://www.iaik.tugraz.at/aboutus/people/lanz
http://jce.iaik.tugraz.at
Certificate chain (including the EuroPKI root certificate):
https://europki.iaik.at/ca/europki-at/cert_download.htm
Received on Wednesday, 23 July 2008 14:38:18 UTC
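
Added example, not part of the original message or of any XML Signature implementation: a Python SAX handler showing how a hint-aware implementation could enforce the processing-instruction hint proposed above and throw an error when the ds:Transforms do not satisfy it, while an older implementation ignores the hint. The allow-list of streamable transforms, the class and function names, and the literal "ds:" prefix matching are assumptions made for the example.

```python
import xml.sax

# Assumed allow-list: the message does not enumerate the "constrained transforms".
STREAMABLE = {
    "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
}

class HintViolation(Exception):
    """Hint present, but the ds:Transforms do not satisfy it."""

class HintAwareHandler(xml.sax.ContentHandler):
    def __init__(self):
        super().__init__()
        self.results = []  # per ds:Reference: may it be streamed?
        self._in_ref, self._hinted, self._transforms = False, False, []

    def startElement(self, name, attrs):
        # Simplification: matches the literal "ds:" prefix, no namespace lookup.
        if name == "ds:Reference":
            self._in_ref, self._hinted, self._transforms = True, False, []
        elif name == "ds:Transform" and self._in_ref:
            self._transforms.append(attrs.get("Algorithm", ""))

    def processingInstruction(self, target, data):
        if self._in_ref and target == "ds:Reference":  # PI target from the proposal
            self._hinted = True

    def endElement(self, name):
        if name != "ds:Reference":
            return
        bad = [t for t in self._transforms if t not in STREAMABLE]
        if self._hinted and bad:
            raise HintViolation(f"hint set, transform not streamable: {bad}")
        self.results.append(self._hinted)
        self._in_ref = False

def check(xml_bytes):  # hint-aware implementation: one bool per ds:Reference
    handler = HintAwareHandler()
    xml.sax.parseString(xml_bytes, handler)
    return handler.results

def legacy_parses(xml_bytes):  # older implementation: default handler ignores PIs
    xml.sax.parseString(xml_bytes, xml.sax.ContentHandler())
    return True

def sample(hint, algorithm):  # constructed demo input, not taken from the message
    pi = "<?ds:Reference dereference as event stream allowed?>" if hint else ""
    return (f'<ds:Reference URI="">{pi}<ds:Transforms><ds:Transform '
            f'Algorithm="{algorithm}"/></ds:Transforms></ds:Reference>').encode()
```

The SAX reader is used with its default non-namespace-aware setting, under which the colon in the processing-instruction target is an ordinary name character.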