XSL is an XML format, so we haven't excluded signature of XSL, have we? Also, I'm aware of the W3C recommendation at http://www.w3.org/TR/xml-stylesheet/ that ties a stylesheet to an XML document. However, a processing instruction is used for this purpose, and we have proposed elimination of PI from our c14n. I believe this needs to be revisited. Applications will definitely want the option to locate and sign an associated stylesheet. IMO, It is not for us to judge whether or not this makes sense to the application just because our committee(s) can't guarantee a trusted browser. The level of trust required is up to the application (they may restrict their application to specific signed and trusted browsers, they may certify their application for specific common browsers, etc.) Rich ____________________Reply Separator____________________ Subject: Re: How to sign several resources (XML and XSL)? Author: "Milton M. Anderson" <miltonma@gte.net> Date: 9/23/99 7:44 AM -----Original Message----- From: David Burdett <david.burdett@commerceone.com> Date: Wednesday, September 22, 1999 11:39 PM Subject: RE: How to sign several resources (XML and XSL)? >... otherwise how do you know the context for the XML data? > >You know the context because interpretation of the XML data is being done by >software from a presumably reliable source to do the interpretation that is >built according to a specification that describes the semantics of data > >... I now feel that we're getting very close to the topic of "trusted" >applications and I'm not sure we want to go there ... Even if XSL is signed, you still have to assume a "trusted" browser. It's impossible not to go there... Milt
Received on Thursday, 23 September 1999 12:43:36 UTC