Re: XML-Signatures Requirements Last Call

John Boyer has been the advocate for this requirement, so perhaps he can
speak more authoritatively. My understanding is that one needs ways of
signing portions of XML. I suspect Xlink/Ptrs could be abused in that I
could have a series of locators referencing elements with given IDs and
change the relative order of those resources within the document and the
signature would still pass -- their relative order wasn't captured by
listing the Xlinks as signature references. Excluding portions of a complete
XML document from the signature, or selecting those portions and maintaining
the context and their relative positions seem to be the two feasible options.

Regardless, I expect well-balanced regions [1] are sufficient for the
applications I know of. To that end, the content production [2:43] rule
might even cover most of what people would want to do.

[1] http://www.w3.org/TR/WD-xml-fragment#terminology


At 16:44 99/08/25 -0500, Paul Grosso wrote:
 >At 16:53 1999 08 25 -0400, Joseph M. Reagle Jr. wrote:
 >>At 11:17 99/08/23 -0500, Paul Grosso wrote:
 >>Dependency: signing non-contigous portions of XML content in a way that
 >>retains their relative positions/context.
 >
 >I think it may be important to be clear about your non-contiguous
 >portions.  Specifically, will they be restricted to what the XML
 >Fragment spec calls well-balanced regions, or do they need to be
 >able to be un-well-balanced?  If the latter, that will probably
 >raise a lot more issues and require a lot more coordination, say,
 >with the XML Infoset and DOM and Fragments and XPointer and such 
 >(since most XML processes work on a tree or node model of XML element 
 >structure which wouldn't allow un-well-balanced regions).

_________________________________________________________
Joseph Reagle Jr.   
Policy Analyst           mailto:reagle@w3.org
XML-Signature Co-Chair   http://w3.org/People/Reagle/

Received on Thursday, 26 August 1999 17:34:42 UTC