W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 2000

Re: XMLDSIG proposal: enveloped signatures, xpath and here()

From: Kevin Regan <kevinr@valicert.com>
Date: Mon, 24 Jul 2000 15:12:12 -0700 (PDT)
To: merlin <merlin@baltimore.ie>
Cc: John Boyer <jboyer@PureEdge.com>, TAMURA Kent <kent@trl.ibm.co.jp>, w3c-ietf-xmldsig@w3.org
Message-id: <Pine.SOL.4.21.0007241509510.19591-100000@bugs.valicert.com>

Isn't the problem of relocatable signatures more to do with the
fact that the Signature element (and its children) rely on parent
namespace declarations, so it can not be moved to another document
with a different namespace hierarchy?

--Kevin

> 
> The problem of relocatable signatures is an interesting one,
> however it can be solved in two ways. One is for the signatures
> to use null references; the referenced data is implicitly the
> associated datum, known to the appication. Alternatively, use an 
> XPointer in the reference to identify the relevant data (I believe
> that is the correct technology) and then an XPath, if necessary,
> to select from it:
> 
>   <Reference URI='#xpointer(../../previous-sibling)'>
> 
> Technologically, all verifiers which support XPath transforms
> contain the necessary tools for XPointer resolution. So adding
> a need for this is a minimal burden.
> 
> Merlin
> 
Received on Monday, 24 July 2000 18:12:12 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:10 GMT