>There > is no compelling need for attributes (authenticated or not) when > you already > have the expressive power of XML. If a signer wants to make qualified > statements about a particular XML blob, then the signer should make those > statements in XML (perhaps including a strong reference/hash of > the original > blob) and sign *that*. In any event, you're always signing a > particular XML > object. And what when a single document must be signed more than once? Most E-Commerce protocols will involve signatories and counter-signatories up the wazoo. Also from the implementation standpoint, attibutes directly attached to signatures are easier to deal with. The signing hardware (if used) is unlikely to see (or want to see) the entire document. Even so a signing token may well want to insert disclaimers such as 'not valid for more than $10,000'. PhillReceived on Wednesday, 16 June 1999 10:17:27 GMT
This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:06 GMT