- From: Peter Norman <pnorman@mediaone.net>
- Date: Wed, 29 Sep 1999 07:11:46 -0400
- To: w3c-ietf-xmldsig@w3.org
At 01:08 PM 9/27/99 -0700, you wrote: > >-----Original Message----- >From: w3c-ietf-xmldsig-request@w3.org >[mailto:w3c-ietf-xmldsig-request@w3.org]On Behalf Of Richard D. Brown >Sent: Monday, September 27, 1999 10:51 AM >To: 'John Boyer'; dee3@us.ibm.com >Cc: w3c-ietf-xmldsig@w3.org >Subject: RE: rewrite of requirements 3.2.2 > > >John, > >Are we trying to say something like: > >"It shall be possible to embed an XML Signature element at any location >within an XML document and to specify the scope of the signature >independently of such location." > How about "It shall be possible to embed an XML Signature element at any location within an XML document permitted by the DTD (if one exists) and to specify the scope of the signature independently of such location." Possible additions - "signing applications are discouraged from changing the root of a document or reorganizing the descendancy tree" "signing applications are encouraged to sign the DTD where this is reasonable" "signing applications are strongly discouraged from changing the DTD" I don't feel so strongly about the first, since it seems to \me the DTD can always forbid most pernicious document reorganizations. We could forbid changes to the DTD, but I hate to forbid something that might be useful in some unanticipated circumstances. ><John> >Other than a minor tweak or two, the part I added was "The intent is that >the root element tag remain invariant under the operation of signature >creation, and that the descendancy tree of the root element remain unchanged >except for the addition of signature element(s) in places permitted by the >XML extension language." > >I think this actually does say what is above but also is explicit about two >things that seem to have been important to WG members. The first is >important to others and me: I am quite in favor of having the requirement >explicitly mention the part about the root element not changing. My >perception is that many systems will view signature as a method to be >invoked on a document, which will change information within or add >information to that document. The root element identifies what type of >document I have, and that shouldn't change just because a signature has been >affixed. The second point seems to have been important to others: one can >only add the signature element(s) in places allowed by the language (i.e. by >its DTD). This did not concern me personally, though, because it seemed to >me that the application has to insert the signature element within the >document before any behavior suggested by our spec for signature creation >can begin. If the application, with full knowledge of its own DTD, cannot >figure out where to put the signature element, then the application has a >problem. > >Nonetheless, since it is important to some, we may as well say it since it >is what we mean (and inevitable) anyway. > >John Boyer >Software Development Manager >UWI.Com -- The Internet Forms Company ></John> > >Sincerely, > >Richard D. Brown > >> -----Original Message----- >> From: John Boyer [mailto:jboyer@uwi.com] >> Sent: Monday, September 27, 1999 12:32 PM >> To: rdbrown@Globeset.com; dee3@us.ibm.com; w3c-ietf-xmldsig@w3.org >> Subject: RE: rewrite of requirements 3.2.2 >> >> >> Hi Richard, >> >> Since this one seems to matter a lot to me, how about >> something like this: >> >> 2. It must be easy to specify XML documents that contain >> signatures. For >> XML signatures, it must be easy to specify the material that >> is signed such >> that signatures can be inserted within a document and cover >> all or part of >> the document outside of the inserted signature. The intent >> is that the root >> element tag remain invariant under the operation of signature >> creation. >> >> John Boyer >> Software Development Manager >> UWI.Com -- The Internet Forms Company >>
Received on Tuesday, 28 September 1999 19:12:02 UTC