- From: Ed Simon <edsimon@xmlsec.com>
- Date: Wed, 7 Nov 2007 10:26:01 -0500
- To: <cruellas@ac.upc.edu>
- Cc: <public-xmlsec-maintwg@w3.org>

Thanks, Juan Carlos, for your feedback.

I'm not sure I fully understand your XAdES signature scenario. Note that my proposal SUPPORTS signing references to external objects; my change is for enveloped objects (those within the <Signature> tags) to be inside <SignedInfo> rather than outside <SignedInfo> (but still inside <Signature>). Can you provide an example?

I should explain the Manifest question more. My thought is that support for profiles may negate the need for manifests -- I will add some text to that effect.

Re your canonicalization point...the canonicalization I describe should simplify things for all signatures, be they enveloping, enveloped, detached, or hybrid -- the focus is on simplifying the canonicalization of <SignedInfo>. I'll write more on this later.

Again, thanks very much for your review.

Regards,
Ed
_____________________________
Ed Simon <edsimon@xmlsec.com>
Principal, XMLsec Inc.
(613) 726-9645

Interested in XML, Web Services, or Security? Visit "http://www.xmlsec.com".

New! "Privacy Protection for E-Services" published by Idea Group (ISBN: 1-59140-914-4 for hard cover, 1-59140-915-2 for soft cover). Includes a chapter, by Ed Simon, on "Protecting Privacy Using XML, XACML, and SAML". See the Table of Contents here: "http://tinyurl.com/rukr4".

-----Original Message-----
From: public-xmlsec-maintwg-request@w3.org [mailto:public-xmlsec-maintwg-request@w3.org] On Behalf Of Juan Carlos Cruellas
Sent: November 7, 2007 09:24
To: Ed Simon
Cc: public-xmlsec-maintwg@w3.org
Subject: Re: XML Signature 2.0 Strawman Proposal

Some initial thoughts on Ed's presentation:

Ed is asking if we need objects that are outside signedInfo. My personal view is that we actually need them. XAdES signatures, for instance, reserve a relevant role for contents of ds:Objects that are not signed: they contain revocation information that some verifier may incorporate after verifying the signature (actual values or references, or time-stamps) or even counter-signatures....

As for Manifest, I would say from what was written in the original XMLSig that there are use cases for it, so I would also be in favour of keeping it ....

On canonicalization, if I have correctly understood, the group should deal only with canonicalization of signedInfo and leave outside... so we would only make things easier for enveloping signatures, not detached or enveloped....am I right?

I think that incorporation of different signers is anyway a good thing...

But as I said, these are only first thoughts....

Regards
Juan Carlos.

Ed Simon wrote:
>
> Please find attached, or linked, my current strawman proposal for XML
> Signature 2.0. These slides are scheduled to be presented on Thursday
> afternoon.
>
> Regards,
> Ed
> _____________________________
> Ed Simon <edsimon@xmlsec.com>
> Principal, XMLsec Inc.
> (613) 726-9645
>
> Interested in XML, Web Services, or Security? Visit "
> http://www.xmlsec.com <http://www.xmlsec.com/> ".
>
> New! "Privacy Protection for E-Services" published by Idea Group
> (ISBN: 1-59140-914-4 for hard cover, 1-59140-915-2 for soft cover).
> Includes a chapter, by Ed Simon, on "Protecting Privacy Using XML,
> XACML, and SAML".
> See the Table of Contents here: " http://tinyurl.com/rukr4
> <http://tinyurl.com/rukr4> ".
>

Received on Wednesday, 7 November 2007 15:22:42 UTC