W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

RE: AW: Re[2]: Omitting Location and Transforms from SignedIn

From: Adam Prince <adam.prince@scala.se>
Date: Thu, 18 Nov 1999 17:27:40 +0100
To: "'Peter Lipp'" <Peter.Lipp@iaik.at>, <rhimes@nmcourt.fed.us>, <w3c-ietf-xmldsig@w3.org>, <jboyer@uwi.com>, <gwhitehead@signio.com>
Message-ID: <000001bf31e1$d6253af0$9c012e0a@sewaprince.scala.se>
sorry to jump in with probably two big feet but . . .

Within a business to business message stream an external reference is likely
to be found as a cross reference rather than just a signed statement "laying
around".  For example, if I sent a report to a client and cross-referred to
a relevant and significant external object (possibly on my home server or a
learned site such a W3C) I would wish to sign the cross-reference to prove
data integrity (i.e. the document I referred to is the same as the one you
follow my link to).  Likewise if I place a complex purchase order I might
cross-refer to a separate bill-of-material or design plan and wish to sign
that reference so that there can not be any later confusion as to which
version etc of the cross-referred object I meant (non-repudiation).  In both
cases I move from the signed reference to the object rather than the object
to the signature and in both cases the reference is significant as it may be
absolute (a complete uri) or relative (within a given web-site or Extranet).


Adam Prince

-----Original Message-----
From: Peter Lipp [mailto:Peter.Lipp@iaik.at]
Sent: 18 November 1999 17:12
To: rhimes@nmcourt.fed.us; w3c-ietf-xmldsig@w3.org; jboyer@uwi.com;
Subject: AW: AW: Re[2]: Omitting Location and Transforms from SignedIn
> or at least we should allow for it.  Suppose I make a statement that "The
> document at www.xxx.com/PG is suitable reading for children".  I
This is fine, but I would rarely go and check your signature in such cases
if I did not want to know about www.xxx.com in the first place. If I happen
to find your signature laying around, I would not go off to check the page
out of curiosity if your signature verifies or not.

What I was aiming at was that the workflow would more often move from the
document to the signature than the other way round.

Received on Thursday, 18 November 1999 11:27:43 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:32 UTC