W3C home > Mailing lists > Public > public-xmlsec@w3.org > March 2011

Re: ACTION 772: Add wording about using IncludedXPath in favor of PositionAssertion

From: Cantor, Scott E. <cantor.2@osu.edu>
Date: Tue, 8 Mar 2011 15:10:23 +0000
To: "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com>
CC: "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Message-ID: <C99BB095.5FEA%cantor.2@osu.edu>
On 3/8/11 10:02 AM, "Frederick.Hirsch@nokia.com"
<Frederick.Hirsch@nokia.com> wrote:
>should the first sentence read "signers" instead of "verifiers"?
>
>> While using the PositionAssertion feature allows more flexibility in
>> accomodating XPath-unaware verifiers

Could be either or both, I guess. The signer needs enough XPath knowledge
to be able to put the paths into the assertion, but I suppose that's
different than being able to evaluate them.

What was meant was that using ID + assertion means that the verifier
doesn't *have* to support XPath to verify the signature (like today), but
as was pointed out, without XPath, you can't do so safely, thus the
warning.

Maybe just make it "signers and verifiers".

-- Scott
Received on Tuesday, 8 March 2011 15:11:26 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 March 2011 15:11:26 GMT