- From: Cantor, Scott E. <cantor.2@osu.edu>
- Date: Tue, 8 Mar 2011 15:10:23 +0000
- To: "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com>
- CC: "public-xmlsec@w3.org" <public-xmlsec@w3.org>
On 3/8/11 10:02 AM, "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com> wrote: >should the first sentence read "signers" instead of "verifiers"? > >> While using the PositionAssertion feature allows more flexibility in >> accomodating XPath-unaware verifiers Could be either or both, I guess. The signer needs enough XPath knowledge to be able to put the paths into the assertion, but I suppose that's different than being able to evaluate them. What was meant was that using ID + assertion means that the verifier doesn't *have* to support XPath to verify the signature (like today), but as was pointed out, without XPath, you can't do so safely, thus the warning. Maybe just make it "signers and verifiers". -- Scott
Received on Tuesday, 8 March 2011 15:11:26 UTC