Re: Re[2]: ObjectReference shouldn't be signed, was RE: Location from Joseph M. Reagle Jr. on 1999-11-09 (w3c-ietf-xmldsig@w3.org from October to December 1999)

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Tue, 09 Nov 1999 10:04:29 -0500
To: rhimes@nmcourt.fed.us
Cc: <w3c-ietf-xmldsig@w3.org>, <aschmidt@darmstadt.gmd.de>, <reiner.huettl@munich.ixos.de>, <robert.frost@munich.ixos.de>, <connolly@w3.org>, <liberte@w3.org>, timbl@w3.org
Message-Id: <3.0.5.32.19991109100429.009ad590@localhost>

At 17:20 99/11/08 -0700, rhimes@nmcourt.fed.us wrote:
 >Aren't we causing the problem that is "not ours to solve" by freezing these
 >values that will likely change?

We didn't freeze them, they are frozen by definition: if someone uses a URL,
that is an assertion that 

        A: the content dereferenced at URL and transformed yields the 
        following DigestValue.

How do you make an assertion sans location semantics, such that:

        B: some object when found and transformed yields the 
        following DigestValue  ?

I think this is a valid question. We have a requirement to identify objects
via URIs. The URI need not be a URL. (In fact, I think the DigestValue is a
good URI). We could relax that requirement and remove "Location" from the
signature and only provide it as a resolution hint; or we permit a level of
indirection pre/post signature creation. Pre: ObjectReference uses some
mechanism such as a directory, URN, manifest etc. that provides resolution.
Post: you allow a "redirect" or "cache" statement to be associated with the
signature that states "the URI found in ObjectReference resolves to X"

 >>Z.a ObjectReference with Identifier/Location "http://2" yields content''
 >>Z.b content==content''
 >
 >I think this would be appropriate in some contexts where we need the
detailed
 >audit trail of location changes, and it would be a nice option.  It may be
a bad
 >example, but (an example I just e-mailed, sorry for the dup) suppose I
manage a
 >site with signed RDF statements about the documents on my site and I
"dumbly"
 >used URLs to refer to them.  Gigacorp buys my company and changes the
domain to
 >www.gigacorp.com.  I'd prefer to just correct the references than to add
 >thousands of RDF statements correcting each reference.  Also, in my court
filing
 >example where I am moving a document (base 64 PDF) from a delivery
envelope to a
 >native PDF, I don't want the clutter (the standard needs to be less
intrusive
 >IMO.)

If the fact that those statements were found at www.gigacorp.com was not
part of the semantics you wanted to be bound by (and I agree with Phillip
that some people do want to assert this) I'd recommend using an IDREF as the
URI of the resource that is digested, and the IDREF points to an object in
the signature which includes "hints" for finding and resolving content.

_________________________________________________________
Joseph Reagle Jr.   
Policy Analyst           mailto:reagle@w3.org
XML-Signature Co-Chair   http://www.w3.org/People/Reagle/

Received on Tuesday, 9 November 1999 10:05:07 UTC