- From: Sean Mullan <Sean.Mullan@Sun.COM>
- Date: Wed, 23 Jul 2008 17:00:05 -0400
- To: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>
- Cc: Pratik Datta <pratik.datta@oracle.com>, public-xmlsec@w3.org
You could also potentially put the hint in a SignatureProperty element,
for example:
<Signature>
  ...
  <Object>
    <SignatureProperties>
      <SignatureProperty>
        <Streamable/>
      </SignatureProperty>
    </SignatureProperties>
  </Object>
</Signature>
I could imagine other properties for different profiles, ex: <Simple/>.
If you assume a two-pass model, then you can look for this property in
the first pass.
--Sean
Konrad Lanz wrote:
> Hi,
>
> Pratik Datta wrote:
>> I would like to see if we can achieve this streaming hint with forward
>> compatibility.
>>
> +1 to at least trying to achieve that.
>> By that I mean, we put in the hint in such a place that older implementations
>> can still verify such a signature by ignoring the hint, whereas newer
>> implementations can take advantage of this hint and do streaming.
>>
> Quick Proposal:
>
> <ds:Reference URI="">
>   <?ds:Reference dereference as event stream allowed,
>     constrained transforms enforced, legacy equivalent processing and
>     compatible results are hereby stipulated ?>
>   <ds:Transforms>
>     ...
>   </ds:Transforms>
>   <ds:DigestMethod Algorithm="..."/>
>   <ds:DigestValue>...</ds:DigestValue>
> </ds:Reference>
>
> If the hints / preconditions are not fulfilled by the ds:Transforms,
> throw an error.
>> [...] how about adding it as a new attribute to an existing transform?
>> Implementations will probably ignore unknown attributes. Or maybe add a new
>> transformation parameter?
>>
> I doubt that extension points will be ignored by applications in
> general, hence my preference for a processing-instruction.
>
> Konrad
>
Received on Wednesday, 23 July 2008 21:00:49 UTC
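
The two-pass idea from Sean's message, as an added example (not code from the thread or from any XML Signature implementation): a namespace-aware SAX first pass that reports a hint element only when it sits directly inside ds:Signature/ds:Object/ds:SignatureProperties/ds:SignatureProperty. The hint namespace URI, the class and function names, and the sample documents are assumptions; the thread does not define them.

```python
import io
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges, feature_namespaces

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
# Assumption: the thread assigns no namespace to <Streamable/> or <Simple/>.
HINT_NS = "urn:example:xmlsec-profile-hints"
# Ancestor chain a hint element must have, as (namespace URI, local name) pairs.
PROPERTY_PATH = [(DSIG_NS, n) for n in
                 ("Signature", "Object", "SignatureProperties", "SignatureProperty")]


class HintScanner(ContentHandler):
    """First pass: collect profile hints found inside a ds:SignatureProperty."""

    def __init__(self):
        super().__init__()
        self.stack = []      # open elements, outermost first
        self.hints = set()   # local names of hints seen in the right place

    def startElementNS(self, name, qname, attrs):
        # Accept the hint only as a direct child of the full property path,
        # so a look-alike element elsewhere in the document is ignored.
        if name[0] == HINT_NS and self.stack[-4:] == PROPERTY_PATH:
            self.hints.add(name[1])
        self.stack.append(name)

    def endElementNS(self, name, qname):
        self.stack.pop()


def scan_profile_hints(xml_bytes):
    """Return the set of hint names (e.g. {'Streamable'}) declared by the signature."""
    parser = xml.sax.make_parser()
    parser.setFeature(feature_namespaces, True)
    parser.setFeature(feature_external_ges, False)  # never fetch external entities
    handler = HintScanner()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return handler.hints


# Constructed sample documents (not from the thread).
_DOC = (b'<doc xmlns:h="urn:example:xmlsec-profile-hints">%s'
        b'<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><Object>'
        b'<SignatureProperties><SignatureProperty Target="#sig">%s'
        b'</SignatureProperty></SignatureProperties></Object></Signature></doc>')
WITH_HINT = _DOC % (b"", b"<h:Streamable/>")
STRAY_HINT = _DOC % (b"<h:Streamable/>", b"")  # hint outside any SignatureProperty

if __name__ == "__main__":
    print(scan_profile_hints(WITH_HINT), scan_profile_hints(STRAY_HINT))
```

The scan only locates the hint; in XML Signature a SignatureProperties element is integrity-protected only when a ds:Reference covers it.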