W3C home > Mailing lists > Public > w3c-xml-sig-ws@w3.org > April 1999

Re: unparsed entities

From: John Boyer <jboyer@uwi.com>
Date: Wed, 7 Apr 1999 14:55:22 -0700
Message-ID: <008101be8141$56144960$9ccbf4cc@kuratowski.uwi.bc.ca>
To: <rdbrown@GlobeSet.com>
Cc: "Dsig group" <w3c-xml-sig-ws@w3.org>
Hi Richard,

>Don't you think that is where Signed XML standard stops and XDFL one
starts.
>In other words, the signature standard provides the means for signing
>packaged external entities (simple elements from a signature standard
>standpoint) and XDFL defines and identifies what is to be packaged,
encoded,
>signed, and verified.

I am hoping to have as much interoperability between XFDL signatures and
signatures created for other languages as possible.  Our server-side
software efforts are currently focused around processing all kinds of XML
documents, not just XFDL.  If every XML derivative comes up with its own way
of packaging and encoding external entities, then we have to write custom
code for each new XML language.

If, on the other hand, a signature manifest states that certain external
entities should be packaged into the signature element as subelements, then
they will be signed and verified as a natural part of generating the text to
be hashed from the XML document itself.  This assumes, of course, that a
model similar to the current XFDL method is adopted.  When we create a
signature, we create the signature element, and we add all of the signing
parameters to it.  We then force that element to be included in the hash so
it is impossible for someone to change the signature parameters without
breaking the signature.  In generic signed XML, the signature element would
be modified to include those packaged subelements.  The signature blob is
then created and added as a final subelement, encoded in base64.  Naturally,
we avoid breaking the signature by automatically excluding the signature
blob when regenerating the text during a verification.

The more of these ideas we put into the spec, the more likely we are to
cover off all signed XML signature needs such that signatures in different
documents will interoperate.

John Boyer
Software Development Manager
UWI.Com -- The Internet Forms Company
jboyer@uwi.com

>
>Sincerely,
>
>Richard D. Brown
>Software Architect - R&D
>GlobeSet, Inc. Austin TX - U.S.
>
Received on Wednesday, 7 April 1999 17:50:46 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 11:28:03 EDT