
Re: Some strawman ideas concerning <ds:Transforms>

From: Sean Mullan <Sean.Mullan@Sun.COM>
Date: Wed, 23 Jul 2008 17:00:05 -0400
To: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>
Cc: Pratik Datta <pratik.datta@oracle.com>, public-xmlsec@w3.org
Message-id: <48879BD5.3030608@sun.com>

You could also potentially put the hint in a SignatureProperty element, 
for example:


I could imagine other properties for different profiles, ex: <Simple/>.

If you assume a two-pass model, then you can look for this property in 
the first pass.


Konrad Lanz wrote:
> Hi,
> Pratik Datta wrote:
>> I would like to see if we can achieve this streaming hint with forward 
>> compatibility.
> +1 to at least trying to achieve that.
>> By that I mean, we put in the hint in such a place that older implementations 
>> can still verify such a signature by ignoring the hint, whereas newer 
>> implementations can take advantage of this hint and do streaming.
> Quick Proposal:
>         <ds:Reference URI="">
>             <?ds:Reference dereference as event stream allowed,
> constrained transforms enforced, legacy equivalent processing and
> compatible results are hereby stipulated ?>
>             <ds:Transforms>
>               ...
>             </ds:Transforms>
>             <ds:DigestMethod Algorithm="..."/>
>             <ds:DigestValue>...</ds:DigestValue>
>         </ds:Reference>
> If the hints / preconditions are not fulfilled by the ds:Transforms,
> throw an error.
>> [...] how about adding it as a new attribute to an existing transform?  
>> Implementations will probably ignore unknown attributes. Or maybe add a new 
>> transformation parameter?
> I doubt that extension points will be ignored by applications in
> general, hence my preference for a processing-instruction.
> Konrad
Received on Wednesday, 23 July 2008 21:00:49 UTC
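
The two-pass idea from the message above, combined with the quoted rule that unmet hints must raise an error, as an added example that is not part of the original thread. The hint element `Streamable`, its namespace, and the set of transforms treated as streamable are hypothetical; the thread does not define them.

```python
import io
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
HINT_NS = "urn:example:xmlsec-hints"        # hypothetical namespace
HINT_TAG = f"{{{HINT_NS}}}Streamable"       # hypothetical hint element
SIG_PROP = f"{{{DS}}}SignatureProperty"
TRANSFORM = f"{{{DS}}}Transform"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
XPATH = "http://www.w3.org/TR/1999/REC-xpath-19991116"
# Assumed constrained set; a real profile would define its own.
STREAMABLE = {EXC_C14N, "http://www.w3.org/2000/09/xmldsig#enveloped-signature"}

class HintError(Exception):
    """The hint is present but the ds:Transforms do not satisfy it."""

def first_pass(xml_bytes):
    """Scan parse events once; return 'stream' or 'dom' for the second pass."""
    hinted, in_prop, transforms = False, 0, []
    events = ET.iterparse(io.BytesIO(xml_bytes), events=("start", "end"))
    for event, el in events:
        if el.tag == SIG_PROP:
            in_prop += 1 if event == "start" else -1
        elif event == "start" and el.tag == HINT_TAG and in_prop:
            hinted = True
        elif event == "end" and el.tag == TRANSFORM:
            transforms.append(el.get("Algorithm"))
    if not hinted:
        return "dom"      # no hint: process as a legacy implementation would
    # The hint is read before anything is verified, so it may only select a
    # processing mode; it must never cause a check to be skipped.
    bad = [t for t in transforms if t not in STREAMABLE]
    if bad:
        raise HintError(f"hint present but transforms not streamable: {bad}")
    return "stream"

def sample(transform_alg, with_hint):
    """Constructed test document (signature skeleton only, no real digests)."""
    hint = (f'<ds:Object><ds:SignatureProperties><ds:SignatureProperty Target="#s">'
            f'<h:Streamable xmlns:h="{HINT_NS}"/></ds:SignatureProperty>'
            f'</ds:SignatureProperties></ds:Object>') if with_hint else ""
    return (f'<doc><ds:Signature xmlns:ds="{DS}" Id="s"><ds:SignedInfo>'
            f'<ds:Reference URI=""><ds:Transforms>'
            f'<ds:Transform Algorithm="{transform_alg}"/></ds:Transforms>'
            f'</ds:Reference></ds:SignedInfo>{hint}</ds:Signature></doc>').encode()

if __name__ == "__main__":
    print(first_pass(sample(EXC_C14N, True)))
```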
