- From: John Boyer <jboyer@uwi.com>
- Date: Wed, 7 Apr 1999 14:55:22 -0700
- To: <rdbrown@GlobeSet.com>
- Cc: "Dsig group" <w3c-xml-sig-ws@w3.org>
Hi Richard, >Don't you think that is where Signed XML standard stops and XDFL one starts. >In other words, the signature standard provides the means for signing >packaged external entities (simple elements from a signature standard >standpoint) and XDFL defines and identifies what is to be packaged, encoded, >signed, and verified. I am hoping to have as much interoperability between XFDL signatures and signatures created for other languages as possible. Our server-side software efforts are currently focused around processing all kinds of XML documents, not just XFDL. If every XML derivative comes up with its own way of packaging and encoding external entities, then we have to write custom code for each new XML language. If, on the other hand, a signature manifest states that certain external entities should be packaged into the signature element as subelements, then they will be signed and verified as a natural part of generating the text to be hashed from the XML document itself. This assumes, of course, that a model similar to the current XFDL method is adopted. When we create a signature, we create the signature element, and we add all of the signing parameters to it. We then force that element to be included in the hash so it is impossible for someone to change the signature parameters without breaking the signature. In generic signed XML, the signature element would be modified to include those packaged subelements. The signature blob is then created and added as a final subelement, encoded in base64. Naturally, we avoid breaking the signature by automatically excluding the signature blob when regenerating the text during a verification. The more of these ideas we put into the spec, the more likely we are to cover off all signed XML signature needs such that signatures in different documents will interoperate. John Boyer Software Development Manager UWI.Com -- The Internet Forms Company jboyer@uwi.com > >Sincerely, > >Richard D. Brown >Software Architect - R&D >GlobeSet, Inc. Austin TX - U.S. >
Received on Wednesday, 7 April 1999 17:50:46 UTC