- From: Andreas Siglreithmayr <andreas.siglreithmayr@ixos.de>
- Date: Wed, 22 Sep 1999 10:36:46 +0200
- To: "W3c-Ietf-Xmldsig (E-mail)" <w3c-ietf-xmldsig@w3.org>
I am a German student of Computer Science and am currently working as an intern at iXOS Software. I would be very grateful if someone could answer a few questions for me. I would like to know how an XML-signature (over several resources) could be implemented. One problem is that XML represents the content of a document and the presentation of the document is dependent on a style sheet, e.g. an XSL file. I think that if someone signs an XML-document, s/he would also have to sign the corresponding XSL file. If you didn't do this, someone could hide a text by changing the colour of the text in the XSL so it was the same colour as the background. Do you have any idea how this problem should be solved in an upcoming standard for signatures in XML? I would be most grateful if someone could explain it in an example and what it would look like. Would the following algorithm be correct: compute the digest of each resource (XSL, XML, etc.) merge all digests compute the digest of the result sign this digest and write the result in the <Value>-tag of the <Signature>-tag. If this is correct, where would the final digest be written to in the XML-Signature? Thankyou very much for your help. > ----------------------------------------------------------- > Andreas Siglreithmayr > Intern > Innovation > > iXOS Software AG > Technopark Neukeferloh > Bretonischer Ring 12 > D-85630 Grasbrunn/München > NEW TELEPHONE NUMBERS!! > Phone: (+49)-(89)-4629-1136 > Fax: (+49)-(89)-4629-331136 > World Wide Web: http://www.ixos.com/deutschland > E-Mail: andreas.siglreithmayr@munich.ixos.de > > >
Received on Wednesday, 22 September 1999 04:35:49 UTC