RE: importing terminology in "XML-Signature Requirements"

> This also touches on the issue of being able to sign
> the original content (the PDF file) instead of the encoded
> and attached version of the original content.
> Richard: how did you propose to do this?

If you refer to the proposal I made to Richard Himes, it consists of
packaging the encoded content of the resource and the detached signature in
a single XML document. The encoded content is encapsulated in an XML element
that displays the encoding scheme as well as the 'Web locator' associated
with the resource, whose content is being encapsulated. This proposal
assumed that the application would decode and 'cache' the packaged resources
(or at least emulate such behaviors) before verification of the Resource
elements contained in the signature Manifest. Notice that this proposal has
been made in the context of a specific application and did not try to
address the problem in general.

>  >Under Format:
>  >	1.An XML-Signature is XML. [Charter]
>  >huh? That sort of looks like you're saying
>  >	An XML-Signature is an XML document
>  >but I doubt you mean that. I think you mean:
>  >	An XML-Signature is an XML element
>  >but I'm not sure.
>
> !An XML-Signature is a well-formed XML document. [Charter]

I would argue that an XML-Signature is a well-formed XML element. Although
the XMLDSIG DTD defines syntax for a 'Signed Document' (an XML document in
that case), in most circumstances other XML applications will leverage the
definition of the Signature element without importing the document
definition.

>
>  >This seems to import a notion of XML document type
>  >that's not in the XML 1.0 specification:
>  >	An XML document of a certain type must still be
>  >	recognizable as its original type when signed.
>  >I think you mean that if a document bears a certain
>  ><!DOCTYPE ...> you must be able to sign it without changing
>  >the <!DOCTYPE ...>. I think that's an impossible requirement
>  >in the general case. Could you explain more clearly what
>  >you mean here?
>
> For example, an XML form, when signed, should still be
> recognizable as an XML form after it has been signed.
>

Actually, the applications that will leverage the XMLDSIG specification will
import the Signature element definition from the XMLDSIG DTD. Therefore, the
Signature element by itself is part of the document definition.

Sincerely,

Richard D. Brown
Software Architect - R&D
Globeset, Inc. Austin, TX - U.S.

Received on Tuesday, 20 July 1999 20:33:32 UTC
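
The packaging scheme described in the message above, sketched as an added example; it is not code from the original e-mail or from the XMLDSIG draft. The names Package, EncodedResource, Locator, Encoding and DigestValue, the choice of SHA-256, and the sample locator are assumptions made for illustration, and checking the signature value over the Manifest itself is left out.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET


def build_package(locator: str, content: bytes) -> str:
    """Put the encoded resource and a detached Signature in one XML document."""
    pkg = ET.Element("Package")  # hypothetical wrapper element
    enc = ET.SubElement(pkg, "EncodedResource",
                        {"Locator": locator, "Encoding": "base64"})
    enc.text = base64.b64encode(content).decode("ascii")
    manifest = ET.SubElement(ET.SubElement(pkg, "Signature"), "Manifest")
    res = ET.SubElement(manifest, "Resource", {"Locator": locator})
    # The digest covers the ORIGINAL bytes, not their base64 form.
    ET.SubElement(res, "DigestValue").text = hashlib.sha256(content).hexdigest()
    return ET.tostring(pkg, encoding="unicode")


def verify_manifest(package_xml: str) -> dict:
    """Decode and 'cache' packaged resources, then check each manifest Resource."""
    pkg = ET.fromstring(package_xml)
    cache = {}
    for enc in pkg.findall("EncodedResource"):
        if enc.get("Encoding") != "base64":
            raise ValueError("unsupported encoding: %r" % enc.get("Encoding"))
        locator = enc.get("Locator")
        if locator in cache:
            # Two payloads for one locator would make verification ambiguous.
            raise ValueError("duplicate locator: %r" % locator)
        cache[locator] = base64.b64decode(enc.text or "", validate=True)
    results = {}
    for res in pkg.findall("./Signature/Manifest/Resource"):
        locator = res.get("Locator")
        original = cache.get(locator)  # resolved from the cache, never fetched
        expected = (res.findtext("DigestValue") or "").strip()
        results[locator] = (original is not None and
                            hashlib.sha256(original).hexdigest() == expected)
    return results


if __name__ == "__main__":
    # Constructed sample input: a fake PDF body and an example.org locator.
    xml_doc = build_package("http://example.org/contract.pdf",
                            b"%PDF-1.3 constructed sample")
    print(verify_manifest(xml_doc))
```

A Resource whose locator has no packaged content is reported as failed rather than retrieved from its locator, so the outcome depends only on what the signer packaged.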