Re: What is the best way to handle the case where you would end up with too many references in a digital signature? from merlin on 2003-10-16 (w3c-ietf-xmldsig@w3.org from October to December 2003)

From: merlin <merlin@baltimore.ie>
Date: Thu, 16 Oct 2003 22:59:03 +0100
To: "Chugh, Sanjay" <schugh@filenet.com>
Cc: w3c-ietf-xmldsig@w3.org, w3c-ietf-xmldsig-request@w3.org
Message-Id: <20031016215908.93A9C43CF7@yog-sothoth.ie.baltimore.com>

Can you add an external attribute to the elements that need
to be signed? Then you could have an XPath filter:
  include //*[@foo:bar="baz"]

Otherwise your best bet may be an XPath filter transform.

merlin

r/schugh@filenet.com/2003.10.16/15:45:31
>
>   No. The way our forms are structured, I don't think that can be the
>   case.
>
>   I thought that I had found a solution myself by adding a unique
>   namespace for the cells, but it was shot down by the developers more
>   familiar with the
>
>   inner workings of the form then myself. The reason being that some
>   elements can be signed by more then one signatures, say for example
>   when you have a form that would be signed by an employee and also a
>   manager. There may be some common elements that both of them sign.
>
>
>
>
>
>   -- Sanjay
>
>
>
>
>
>     -----Original Message-----
>   From: Michael McIntosh [mailto:mikemci@us.ibm.com]
>   Sent: October 16, 2003 3:30 PM
>   To: Chugh, Sanjay
>   Cc: w3c-ietf-xmldsig@w3.org; w3c-ietf-xmldsig-request@w3.org
>   Subject: Re: What is the best way to handle the case where you would
>   end up with too many references in a digital signature?
>
>     Is there no way for you to group them under a common parent
>     element?
>
>   "Chugh, Sanjay" <schugh@filenet.com>
>   Sent by: w3c-ietf-xmldsig-request@w3.org
>
>   10/16/2003 05:22 PM
>
>           To:        <w3c-ietf-xmldsig@w3.org>
>           cc:
>           Subject:        What is the best way to handle the case where
>   you would end up with too many references in a digital signature?
>
>     If I have an XML Document, where I need to sign say up to two
>     hundred different elements (different parts of a very complex form
>     for example),
>     I think I will end up with up to 200 references, in the SignedInfo
>     or manifest, whereever we decide to put them.
>     We did think about using an XPath expression, but that would get
>     too large and performance might be an issue I think.
>
>     What is a good way to handle such a scenario?
>
>     Thanks,
>
>     -- Sanjay

Received on Thursday, 16 October 2003 17:59:10 UTC