W3C home > Mailing lists > Public > xml-dist-app@w3.org > May 2003

Re: PASWA, Include and Protocol Bindings

From: Marc Hadley <Marc.Hadley@Sun.COM>
Date: Thu, 08 May 2003 14:48:16 -0400
To: Mark Nottingham <mark.nottingham@bea.com>
Cc: Martin Gudgin <mgudgin@microsoft.com>, noah_mendelsohn@us.ibm.com, xml-dist-app@w3.org
Message-id: <A0EBD574-8185-11D7-9596-0003937568DC@sun.com>

On Thursday, May 8, 2003, at 14:33 US/Eastern, Mark Nottingham wrote:
>> How does it sidestep the problem? Please explain.
>
> Your original question was:
>
>> If A uses the latter case, how do C or D determine which instances of
>> base64 encoded data to decode prior to signature verification ?
>
> If you sign the value space, no decision about encoding need to be 
> made,
> because encoding isn't visible, period. There does need to be 
> visibility
> of type information (or some other hint, as you discuss), but I *think*
> we're in agreement that this is a manageable problem.

A requirement for visibility of type information is a serious issue 
IMO. Hence my suggestion for a simple indicator of which contents are 
inlined binary data.

Also note that messages are transmitted in lexical space so verifying a 
sig would require base64 decoding.

> I think an appropriate question is whether it's a problem we (XMLP) 
> need
> to provide a solution for, as it's rather specific to digital 
> signatures,
> and therefore might be better considered elsewhere.

I think its important that we consider how any new proposal fits with 
existing practice and available technologies.

> I do agree that we
> need to investigate enough to assure that it's solveable, which we 
> appear
> to be doing.
>
Indeed.

Marc.

--
Marc Hadley <marc.hadley@sun.com>
Web Technologies and Standards, Sun Microsystems.
Received on Thursday, 8 May 2003 14:48:24 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:59:14 GMT