W3C home > Mailing lists > Public > w3c-xml-sig-ws@w3.org > April 1999

RE: what does a signature mean ?

From: Alan Kotok <kotok@w3.org>
Date: Tue, 20 Apr 1999 13:07:02 -0400
Message-Id: <4.1.19990420124646.00afa860@localhost>
To: bede@mitre.org (Bede McCall)
Cc: w3c-xml-sig-ws@w3.org
Without copying all of the subject message from Bede, I want to support his
reasoning, and discuss this a bit further.

There are obviously some kinds of documents which are "designed to be
signed".  They contain wording expressing the meaning of the signature.
These words are found at the bottoms of a lot of forms, like your tax
return.  They are also found in applications, contracts, etc.  Some day,
these words will be tied to metadata IN THE FORM which allows computers to
reason about the semantics.  I'm not particularly worried about this
subject right now.  In my opinion, the way a signature block could deal
with that is that an "assertion" section could point either back to the
subject document, or, eventually, to some RDF within that document.

But there is clearly, IMHO, a need to be able to sign assertions ABOUT some
document, XML or not, which was never intended to be a contract, such as
Bede's intelligence images.

Thus, I assert, there should be an "Assertions" block in the signature
block where such information can be found.  Some application could well
render this stuff both at signing time and when a signed document is
viewed.  Because I do not like "implied" semantics, I claim this section
should be mandatory.  One allowed thing to say in it is, "Signature
assertions contained in document [URL]".  Said document would be part of
the manafest to tie it all together.

On another subject, I we need to be clearer about what of this work is
defining an XML schema for signed documents, and what is dealing with what
is done with existing XML documents to allow them to be signed.  The former
gets into the questions of what to do about these assertions, and the
latter into following links and canonicalization.  I believe these two
parts can and should be separated clearly.

[signed] Alan (who asserts that he authored the above message)
___________________________________________________________________________
Alan Kotok, Associate Chairman                          mailto:kotok@w3.org
World Wide Web Consortium                                 http://www.w3.org
MIT Laboratory for Computer Science,  545 Technology Square,  Room NE43-409
Cambridge, MA 02139, USA     Voice: +1-617-258-5728    Fax: +1-617-258-5999
Received on Tuesday, 20 April 1999 13:07:03 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 11:28:03 EDT