Re: XForms and XML Signatures : How to get the presentation layer? from David Landwehr on 2007-06-20 (www-forms@w3.org from June 2007)

From: David Landwehr <david.landwehr@picoforms.com>
Date: Wed, 20 Jun 2007 08:44:24 +0200
To: duryodhan <duryodhan125@gmail.com>
Cc: www-forms@w3.org
Message-Id: <16431CB8-472A-4039-8F28-F4DA024A85D9@picoforms.com>

The problem is that the user must be aware of what is being signed  
and as such it might not even be enough to sign both the xhtml 
+instance since the form might not display all the information the  
user is signing (e..g calculated fields or other elements which is  
not displayed to the user). If I was you I would make an additional  
step to the signing, e.g. to transform the instance into a text piece  
of information where all the information are present and then ask the  
user to sign that. This is an often used see method, when an applet  
is doing the signing.

If you are doing an implementation with firefox then the applet  
solution might be of use to you. Additional you can make the  
transformation from instance to clear text using an XSLT (see e.g.  
http://landwehr.dk/blog/ for how to use XSLT with XForms in Firefox  
to do sorting).

I'm sorry I cannot be more helpful than this.

Best regards,
David

On Jun 20, 2007, at 7:20 AM, duryodhan wrote:

>
> Hey,
>
> ok! No offense, but I am aware WHY you need to sign the presentation
> layer too .. (from your own blog posts I am afraid), but the point I
> was asking was... to sign the whole presentation layer + Instance when
> the XHTML is the presentation layer, what should I sign? The whole
> XHTML document (with the model replaced by the actual instance). Or is
> there something more specific only that I should sign? I am afraid
> that most of the stuff online about this is mostly about XFDL (again
> by you :) ).
>
> Also, I wanted to know ... HOW should I get the whole presentation
> layer from the client side to the server side ?
>
> I am a little of a noob , so please bear with me , if I am waaay off
> course and clear me up.
>
> The *first* question is what I am most dense about. ... could you
> please give an example of _what_ should be signed, when the XForms use
> XHTML as presentation layer, assuming a simple XML Signature tool that
> I have which converts an XML Doc to one containing an enveloped
> signature?
>
> Regards,
> duryodhan
>

Received on Wednesday, 20 June 2007 06:44:32 UTC