RE: importing terminology in "XML-Signature Requirements"

>
> I don't think you want to require that stuff be addressable.
> I expect to be able to sign content from stdin, for example.
>
> But if you're going to to as far as "addressable object"
> you might as well say "Web resource." It means the same thing,
> unles you've got some other addressing mechanism (besides URIs)
> in mind.
>

To refer more closely to XML and XLink specifications, I would argue that
the signature applies to any unit of information that is reachable and
unambiguously identifiable by means of a locator, whose value is comprised
of a URI, or a fragment identifier, or both.

If one is willing to sign the content from stdin, then he will have to
package that content into a resource that is addressable by means of a
locator contained in the signature element. One solution would be to package
the content of stdin into an XML element (after encoding if necessary) and
attach that element along with the signature element to a common XML
document. Notice that such a solution is not part of the XMLDSIG
specification but stands on its own as a particular application of XMLDSIG
specification. As S/MIME is a particular application of CMS (Cryptographic
Message Syntax) to secure 'MIME content', XMLDSIG will specify the core
syntax and some "X/MIME" standard will specify how to apply it to 'MIME
content'.


Richard D. Brown

Received on Wednesday, 21 July 1999 18:47:16 UTC