- From: Frederick Hirsch <Frederick.Hirsch@nokia.com>
- Date: Mon, 4 May 2009 13:08:49 -0400
- To: "marcosc@opera.com" <marcosc@opera.com>
- Cc: Frederick Hirsch <Frederick.Hirsch@nokia.com>, "Barstow Art (Nokia-CIC/Boston)" <Art.Barstow@nokia.com>, ext Kai Hendry <hendry@aplix.co.jp>, Thomas Roessler <tlr@w3.org>, public-webapps <public-webapps@w3.org>
The spec is more than a UA spec, it also describes signature format which affects parties other than the UA (e.g. audit etc)

regards, Frederick

Frederick Hirsch
Nokia

On May 4, 2009, at 12:42 PM, ext Marcos Caceres wrote:

> On Mon, May 4, 2009 at 4:13 PM, Frederick Hirsch
> <Frederick.Hirsch@nokia.com> wrote:
>> The Identifier property is useful for audit and management in the backend.
>> I believe this should remain in the specification and should remain a
>> normative section, agreeing with Thomas's note in the chat. It was added based
>> on requirements from WG members.
>>
>
> I understand the use case, but I still don't understand why we are
> mandating the use of the dsp:Identifier if it's not going to be used
> by the UA? If a signer wants to use dsp:Identifier for whatever
> reason, then they are free to do so by using the Signature Properties spec.
> Putting something in the spec that does not do anything doesn't make
> sense to me.
>
>> Thomas mentioned in the chat the means to obtain unique values, e.g. large
>> random number, serial number + DNS etc, but I think this can be out of
>> scope of the spec.
>>
>> Currently the specification states
>> Each widget signature MUST contain a dsp:Identifier signature properties
>> element compliant with XML Signature Properties [XMLDSIG-Properties] and
>> this specification.
>>
>> We can add, "A signer MUST place the dsp:Identifier signature property into
>> the signature when generating the signature." if necessary.
>>
>> regards, Frederick
>>
>> Frederick Hirsch
>> Nokia
>>
>> On May 4, 2009, at 9:38 AM, Barstow Art (Nokia-CIC/Boston) wrote:
>>
>>> Kai - this is a good question.
>>>
>>> Frederick - we (MC, TLR and I) talked about this in IRC today. Please
>>> take a look and let us know your thoughts:
>>>
>>> <http://krijnhoetmer.nl/irc-logs/webapps/20090504>
>>>
>>> -Regards, Art Barstow
>>>
>>> On May 1, 2009, at 6:49 AM, ext Kai Hendry wrote:
>>>
>>>> http://dev.w3.org/2006/waf/widgets-digsig/#identifier-signature-property
>>>>
>>>> I'm not sure what "signature management" is exactly, though can
>>>> someone please inform me what a UA is supposed to do with
>>>> dsp:Identifier?
>>>>
>>>> I'm also keen on seeing a simple self sign sign/verify example using
>>>> http://www.aleksey.com/xmlsec/ or some other open source tool.
>>>>
>>>> Kind regards,
>>>>
>>>
>>
>
> --
> Marcos Caceres
> http://datadriven.com.au

Received on Monday, 4 May 2009 17:11:01 UTC
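
The thread describes dsp:Identifier as something a backend uses for audit and management rather than something the UA acts on. As an added example (not code from the thread or from the specification), the sketch below shows one such backend check: it flags widget signatures that lack the property or reuse a value. The namespace URIs, file names and identifier values are assumptions or constructed samples, and the check looks only at the property; it does not validate the signature itself.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Namespace URIs are assumptions (XML Signature, XML Signature Properties);
# the thread does not quote them.
NS = {"ds": "http://www.w3.org/2000/09/xmldsig#",
      "dsp": "http://www.w3.org/2009/xmldsig-properties"}

def extract_identifier(signature_xml):
    """Return the dsp:Identifier text, or None when absent or empty."""
    # Parse untrusted packages with a hardened XML parser in production.
    root = ET.fromstring(signature_xml)
    node = root.find(".//ds:SignatureProperty/dsp:Identifier", NS)
    text = (node.text or "").strip() if node is not None else ""
    return text or None

def audit(signatures):
    """Map of name -> signature XML in; missing and reused identifiers out."""
    seen, missing = defaultdict(list), []
    for name, xml_text in sorted(signatures.items()):
        ident = extract_identifier(xml_text)
        if ident is None:
            missing.append(name)
        else:
            seen[ident].append(name)
    reused = {i: names for i, names in seen.items() if len(names) > 1}
    return {"missing": missing, "reused": reused}

def _sample(identifier_element):
    # Constructed, unsigned skeleton: only the property structure matters here.
    return ('<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="sig">'
            '<Object><SignatureProperties '
            'xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">'
            '<SignatureProperty Target="#sig">' + identifier_element +
            '</SignatureProperty></SignatureProperties></Object></Signature>')

# Constructed sample set: one reused identifier, one signature without any.
SAMPLES = {
    "author-signature.xml": _sample("<dsp:Identifier>constructed-id-0002</dsp:Identifier>"),
    "signature1.xml": _sample("<dsp:Identifier>constructed-id-0001</dsp:Identifier>"),
    "signature2.xml": _sample("<dsp:Identifier>constructed-id-0001</dsp:Identifier>"),
    "signature3.xml": _sample(""),
}

if __name__ == "__main__":
    print(audit(SAMPLES))
```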