Re: New proposed fix for here() from TAMURA Kent on 2000-08-22 (w3c-ietf-xmldsig@w3.org from July to September 2000)

From: TAMURA Kent <kent@trl.ibm.co.jp>
Date: Tue, 22 Aug 2000 16:38:33 +0900
To: w3c-ietf-xmldsig@w3.org
Message-Id: <200008220738.QAA10132@ns.trl.ibm.com>

In message "Re: New proposed fix for here()"
    on 00/08/17, "Donald E. Eastlake 3rd" <dee3@torque.pothole.com> writes:
> I believe there is a desire from eCheck and presumably similar
> protocols to be able to sign things relative to where the signature
> element is.  This relates to composite documents formed from
> pre-existing XMLD documents where you can't depend on using IDs
> because they might conflict in the documents combined to make the
> composite result.

Ok.

The problem is only for a reference to the signature itself.
So, how about adding another Reference element?
For instance,

<!ELEMENT SelfReference (Transforms?, DigestMethod, DigestValue)>
  <!-- The same content as Reference -->
<!ATTLIST SelfReference  
          OmitSignature (all|this) #IMPLIED
          XPath  CDATA #IMPLIED
          Id     ID    #IMPLIED
          Type   CDATA #IMPLIED >

- Remove enveloped-signature transofrm
- here() is available only in XPath attribute, and removed from XPath transform.
- Reference is not changed.

(I guess this is an incomplete proposal)

-- 
TAMURA Kent @ Tokyo Research Laboratory, IBM

Received on Tuesday, 22 August 2000 03:39:13 UTC