W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 1999

RE: How to sign several resources (XML and XSL)?

From: Ed Simon <ed.simon@entrust.com>
Date: Thu, 23 Sep 1999 08:15:31 -0400
Message-ID: <01E1D01C12D7D211AFC70090273D20B105E777@sothmxs06.entrust.com>
To: "'Milton M. Anderson'" <miltonma@gte.net>, "W3c-Ietf-Xmldsig (E-mail)" <w3c-ietf-xmldsig@w3.org>
For those who are fairly new to the list, I should point out
that the XML Signature spec does NOT require the semantics
of an XML blob to be captured.  If you just want to sign
"<doc>Meaningless drivel</doc>"
you can.  There is no need to capture semantics.

The approach being taken by the WG (members may correct/clarify
me if I'm too far behind on my email) is that the XML Signature
design will not specifically support capturing semantics
but the design will certainly not exclude applications that
need to capture semantics from doing so.

When organizations talk about capturing semantics within the
signed data, I believe they are talking more about what data
the application signed rather than recording the semantics
within the signature's attributes.

Regards, Ed

-----Original Message-----
From: Milton M. Anderson [mailto:miltonma@gte.net]
Sent: September 23, 1999 12:08 AM
To: W3c-Ietf-Xmldsig (E-mail)
Subject: Re: How to sign several resources (XML and XSL)?


For server-to-server applications it is also true that the document
closure issue can be addressed by the application's business rules.
The business rules can define that a valid document must contain
specific elements, and that the validity of the document is not affected
by any other elements outside of those which are signed and required
to be present at the workflow processing node under consideration.

Furthermore, I'm opposed to imbuing signatures with a generic "meaning"
stronger than --
Verify (message, publicKey) = True|False.
i.e. the signature verification algorithm was provided with the
indicated message bit string and the public key, and
either the signature algorithm ran properly to completion and produced
a True value, or it produced a False value or didn't complete.

Any other discussion of "meaning" should be left to the applications
that use signatures.

Perhaps we need a separate, simpler XML signature mechanism for
server-to-server applications?

Milt
Received on Thursday, 23 September 1999 08:17:52 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:07 GMT