- From: Sean Mullan <Sean.Mullan@Sun.COM>
- Date: Wed, 23 Jul 2008 17:00:05 -0400
- To: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>
- Cc: Pratik Datta <pratik.datta@oracle.com>, public-xmlsec@w3.org

You could also potentially put the hint in a SignatureProperty element,
for example:

    <Signature>
      ...
      <Object>
        <SignatureProperties>
          <SignatureProperty>
            <Streamable/>
          </SignatureProperty>
        </SignatureProperties>
      </Object>
    </Signature>

I could imagine other properties for different profiles, ex: <Simple/>.

If you assume a two-pass model, then you can look for this property in
the first pass.

--Sean

Konrad Lanz wrote:
> Hi,
>
> Pratik Datta wrote:
>> I would like to see if we can achieve this streaming hint with forward
>> compatibility.
>>
> +1 to at least trying to achieve that.
>> By that I mean, we put in the hint in such a place that older implementations
>> can still verify such a signature by ignoring the hint, whereas newer
>> implementations can take advantage of this hint and do streaming.
>>
> Quick Proposal:
>
>     <ds:Reference URI="">
>       <?ds:Reference dereference as event stream allowed,
>         constrained transforms enforced, legacy equivalent processing and
>         compatible results are hereby stipulated ?>
>       <ds:Transforms>
>         ...
>       </ds:Transforms>
>       <ds:DigestMethod Algorithm="..."/>
>       <ds:DigestValue>...</ds:DigestValue>
>     </ds:Reference>
>
> If the hints / preconditions are not fulfilled by the ds:Transforms,
> throw an error.
>> [...] how about adding it as a new attribute to an existing transform?
>> Implementations will probably ignore unknown attributes. Or maybe add a new
>> transformation parameter?
>>
> I doubt that extension points will be ignored by applications in
> general, hence my preference for a processing-instruction.
>
> Konrad
>

Received on Wednesday, 23 July 2008 21:00:49 UTC
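
The first-pass lookup for a SignatureProperty hint described in the message above, as an added example (not code from this thread or from any XML Signature implementation). The hint namespace `urn:example:dsig-hints`, the function names and the sample document are assumptions; the example also goes one step beyond the message by honouring a hint only when its `Target` names the enclosing signature and a `ds:Reference` names the property, since a property that no reference covers is not signed.

```python
import io
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
HINT_NS = "{urn:example:dsig-hints}"  # assumption: the thread names no namespace
KNOWN = {HINT_NS + "Streamable": "Streamable", HINT_NS + "Simple": "Simple"}

# Constructed sample: p1 is named by a Reference, p2 is not; h:Future is unknown.
SAMPLE = b"""<doc xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
     xmlns:h="urn:example:dsig-hints">
<ds:Signature Id="sig1"><ds:SignedInfo>
  <ds:Reference URI=""/><ds:Reference URI="#p1"/></ds:SignedInfo>
 <ds:Object><ds:SignatureProperties>
  <ds:SignatureProperty Id="p1" Target="#sig1"><h:Streamable/><h:Future/></ds:SignatureProperty>
  <ds:SignatureProperty Id="p2" Target="#sig1"><h:Simple/></ds:SignatureProperty>
 </ds:SignatureProperties></ds:Object></ds:Signature></doc>"""


def hints_for(sig):
    """Recognised hints in one ds:Signature that a ds:Reference claims to cover."""
    sig_id = sig.get("Id")
    refs = {r.get("URI") for r in sig.iterfind(f"{DS}SignedInfo/{DS}Reference")}
    found = set()
    for props in sig.iterfind(f"{DS}Object/{DS}SignatureProperties"):
        for prop in props.iterfind(f"{DS}SignatureProperty"):
            covered = {"#" + i for i in (props.get("Id"), prop.get("Id")) if i} & refs
            if not covered or not sig_id or prop.get("Target") != "#" + sig_id:
                continue  # unsigned or misdirected hint: never act on it
            # Properties this verifier does not know are skipped, not rejected.
            found.update(KNOWN[c.tag] for c in prop if c.tag in KNOWN)
    return found


def first_pass(xml_bytes):
    """Pass 1: map each Signature Id to its hints; pass 2 still checks digests."""
    result, depth = {}, 0
    for event, elem in ET.iterparse(io.BytesIO(xml_bytes), events=("start", "end")):
        if elem.tag == DS + "Signature":
            depth += 1 if event == "start" else -1
            if event == "end":
                result[elem.get("Id")] = hints_for(elem)
        elif event == "end" and depth == 0:
            elem.clear()  # keep memory flat outside signatures
    return result


if __name__ == "__main__":
    print(first_pass(SAMPLE))
```

A hint accepted here is only a candidate: the second pass has to verify the digest of the reference that covers the property before the streaming path is trusted.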