RE: XML Signature 2.0 Strawman Proposal

Thanks Juan Carlos for your feedback.

I'm not sure I fully understand your XAdES signature scenario. Note that my
proposal SUPPORTS signing references to external objects; my change is
for enveloped objects (those within the <Signature> tags) to be inside
<SignedInfo> rather than outside <SignedInfo> (but still inside
<Signature>). Can you provide an example?

I should explain the Manifest question more. My thought is that support for
profiles may negate the need for manifests -- I will add some text to that
effect. 

Re your canonicalization point...the canonicalization I describe should
simplify things for all signatures be they enveloping, enveloped, detached,
or hybrid -- the focus is on simplifying the canonicalization of
<SignedInfo>. I'll write more on this later.

Again, thanks very much for your review.

Regards,
Ed
_____________________________
Ed Simon <edsimon@xmlsec.com>
Principal, XMLsec Inc. 
(613) 726-9645 

Interested in XML, Web Services, or Security? Visit "http://www.xmlsec.com".


New! "Privacy Protection for E-Services" published by Idea Group (ISBN:
1-59140-914-4 for hard cover, 1-59140-915-2 for soft cover). 
Includes a chapter, by Ed Simon, on "Protecting Privacy Using XML, XACML,
and SAML".
See the Table of Contents here: "http://tinyurl.com/rukr4".

-----Original Message-----
From: public-xmlsec-maintwg-request@w3.org
[mailto:public-xmlsec-maintwg-request@w3.org] On Behalf Of Juan Carlos
Cruellas
Sent: November 7, 2007 09:24
To: Ed Simon
Cc: public-xmlsec-maintwg@w3.org
Subject: Re: XML Signature 2.0 Strawman Proposal


Some initial thoughts on Ed's presentation:

Ed is asking if we need objects that are outside signedInfo. My personal
view is that we actually need them. XAdES signatures, for instance, reserve a
relevant role for contents of ds:Objects that are not signed: they contain
revocation information that some verifier may incorporate after verifying
the signature (actual values or references, or time-stamps) or even
counter-signatures....
As for Manifest, I would say from what was written in the original XMLSig
that there are use cases for it, so I would also be in favour of keeping it
....


On canonicalization, if I have correctly understood, the group should deal
only with canonicalization of signedInfo and leave outside... so we would
only make things easier for enveloping signatures, not
detached or enveloped....am I right?

I think that incorporation of different signers is anyway a good thing...

But as I said, these are only first thoughts....

Regards

Juan Carlos.
Ed Simon wrote:
> 
> Please find attached, or linked, my current strawman proposal for XML 
> Signature 2.0. These slides are scheduled to be presented on Thursday 
> afternoon.
>  
> Regards,
> Ed

Received on Wednesday, 7 November 2007 15:22:42 UTC