Re: Some strawman ideas for a minimum DSig profile

Scott Cantor wrote:
> Sean Mullan wrote:
>> It also occured to me that many of these minimal processing and 
>> verification issues could be solved if the xml signature was always 
>> stored in a separate xml document, and somehow safely associated or 
>> packaged with what it is signing (like a zip file).
> 
> I guess it's relevant to my action item, so I'll point out that if 
> you're going to do that, there is very little value to signing it as XML 
> or producing a signature that's XML. That's much easier to do with 
> S/MIME (or something like what we did with the alternate SAML binding).

Maybe but at least for Java applications, you've already got a standard 
XML Signature API in all JREs. There's no standard Java S/MIME API and 
there may never be. Even if we end up just using the XML Signature 
structure as a container for the digests and signature and not much 
else, I think it still may be a win.

--Sean

Received on Thursday, 21 August 2008 18:43:01 UTC