W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 1999

ID Mapping

From: Richard Himes <rhimes@nmcourt.fed.us>
Date: Thu, 19 Aug 1999 11:26:59 -0600
Message-ID: <37BC3E63.585FD53C@nmcourt.fed.us>
To: w3c-ietf-xmldsig@w3.org
I posted this problem recently and didn't get a response, so I'm
guessing it hasn't been addressed.

Suppose that there are two (or more) signed elements in two (or more)
different documents, that they are signed by local reference (href to
#id), and that they are to be combined to form a new document, perhaps a
legal document that has collected a history of signed events for a
brief.  Suppose further that it is inescapable that, in general,
duplicate ids will result, which is not well formed XML (and confuses
the signature algorithms.)  These ids will have to be renumbered, which
will break some of the signatures.

I believe we should include a mapping element for each affected
<Signature> element, which is outside the manifest (not signed), such as

<IdMap>4=1 5=2 6=3</IdMap>

Thus, if this signature signed  elements with id='1', id='2', id='3' in
the original document, and these ids had to be changed to 4, 5, and 6
respectively in the combined document, the map would allow the ids (of
these pieces) to be converted back to their original state for
authentication.  AFAIK, the map would be unable to "lie" (breach
security) and still obtain valid signatures for the referenced elements.

Thanks,
Rich
Received on Thursday, 19 August 1999 13:28:01 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:07 GMT