- From: Marcos Caceres <marcosc@opera.com>
- Date: Mon, 4 May 2009 18:42:53 +0200
- To: Frederick Hirsch <Frederick.Hirsch@nokia.com>
- Cc: "Barstow Art (Nokia-CIC/Boston)" <Art.Barstow@nokia.com>, ext Kai Hendry <hendry@aplix.co.jp>, Thomas Roessler <tlr@w3.org>, public-webapps <public-webapps@w3.org>
On Mon, May 4, 2009 at 4:13 PM, Frederick Hirsch <Frederick.Hirsch@nokia.com> wrote:
> The Identifier property is useful for audit and management in the backend.
> I believe this should remain in the specification and should remain a
> normative section, agreeing with Thomas's note in the chat. It was added based
> on requirements from WG members.
>

I understand the use case, but I still don't understand why we are mandating the use of the dsp:Identifier if it's not going to be used by the UA? If a signer wants to use dsp:Identifier for whatever reason, then they are free to do so by using the Signature Properties spec. Putting something in the spec that does not do anything doesn't make sense to me.

> Thomas mentioned in the chat the means to obtain unique values, e.g. large
> random number, serial number + DNS etc, but I think this can be out of
> scope of the spec.
>
> Currently the specification states
> Each widget signature MUST contain a dsp:Identifier signature properties
> element compliant with XML Signature Properties [XMLDSIG-Properties] and
> this specification.
>
> We can add, "A signer MUST place the dsp:Identifier signature property into
> the signature when generating the signature." if necessary.
>
> regards, Frederick
>
> Frederick Hirsch
> Nokia
>
> On May 4, 2009, at 9:38 AM, Barstow Art (Nokia-CIC/Boston) wrote:
>
>> Kai - this is a good question.
>>
>> Frederick - we (MC, TLR and I) talked about this in IRC today. Please
>> take a look and let us know your thoughts:
>>
>> <http://krijnhoetmer.nl/irc-logs/webapps/20090504>
>>
>> -Regards, Art Barstow
>>
>> On May 1, 2009, at 6:49 AM, ext Kai Hendry wrote:
>>
>>> http://dev.w3.org/2006/waf/widgets-digsig/#identifier-signature-property
>>>
>>> I'm not sure what "signature management" is exactly, though can
>>> someone please inform me what a UA is supposed to do with
>>> dsp:Identifier?
>>>
>>> I'm also keen on seeing a simple self sign sign/verify example using
>>> http://www.aleksey.com/xmlsec/ or some other open source tool.
>>>
>>> Kind regards,
>>>

--
Marcos Caceres
http://datadriven.com.au
Received on Monday, 4 May 2009 16:43:59 UTC
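
The backend audit use of dsp:Identifier discussed in this thread, as an added example that is not part of the original messages or of the specification: it lists signatures whose identifier is missing or shared with another signature. The namespace URIs, the element nesting and the sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Namespace URIs for XML Signature and XML Signature Properties (assumed, not quoted in the thread).
NS = {"ds": "http://www.w3.org/2000/09/xmldsig#",
      "dsp": "http://www.w3.org/2009/xmldsig-properties"}
# Assumed nesting, following the usual XML Signature property layout.
ID_PATH = "ds:Object/ds:SignatureProperties/ds:SignatureProperty/dsp:Identifier"

def extract_identifiers(xml_text):
    """Return every dsp:Identifier value found in one ds:Signature document."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Signature" % NS["ds"]:
        raise ValueError("root element is not ds:Signature")
    return [(el.text or "").strip() for el in root.findall(ID_PATH, NS)]

def audit(signatures):
    """Findings per file name; inspects the property only, does not validate the signature."""
    findings = {name: [] for name in signatures}
    owners = defaultdict(list)
    for name, xml_text in signatures.items():
        try:
            ids = extract_identifiers(xml_text)
        except (ET.ParseError, ValueError) as exc:
            findings[name].append("unreadable: %s" % exc)
            continue
        if not ids or "" in ids:
            findings[name].append("missing or empty dsp:Identifier")
        for value in filter(None, ids):
            owners[value].append(name)
    for value, names in owners.items():
        if len(names) > 1:  # the same identifier appears in more than one signature
            for name in names:
                findings[name].append("duplicate identifier: %s" % value)
    return findings

def make_sample(props):
    """Constructed skeleton (no SignedInfo or SignatureValue), enough for the audit only."""
    return ('<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="s"><Object>'
            '<SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">'
            '<SignatureProperty Target="#s">%s</SignatureProperty>'
            '</SignatureProperties></Object></Signature>' % props)

SAMPLES = {  # constructed inputs; file names and identifier values are made up
    "signature1.xml": make_sample("<dsp:Identifier>example.org:0001</dsp:Identifier>"),
    "signature2.xml": make_sample("<dsp:Identifier>example.org:0001</dsp:Identifier>"),
    "signature3.xml": make_sample(""),
    "author-signature.xml": make_sample("<dsp:Identifier>example.org:0002</dsp:Identifier>"),
}
```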