- From: David Burdett <david.burdett@commerceone.com>
- Date: Fri, 8 Oct 1999 10:36:40 -0700
- To: "'Ed Simon'" <ed.simon@entrust.com>, "'w3c-ietf-xmldsig@w3.org'" <w3c-ietf-xmldsig@w3.org>
Just a thought on Ed's comment that "resources such as XSLT libraries may not be readily available nor needed by XML Signature implmentations". There's work going on in the area of registries and repositories (see http://www.xml.org) that should enable on-line dynamic access to XSLT or other resources. This should mean that the appropriate transformation information should be available dynamically. It should also mean that if an application chooses, the stylesheet could be indpendently included as an "ObjectReference" to support checking that the correct transformation was actually applied. Thoughts? David -----Original Message----- From: Ed Simon [mailto:ed.simon@entrust.com] Sent: Friday, October 08, 1999 10:16 AM To: 'w3c-ietf-xmldsig@w3.org' Subject: First cut at what should say about requiring XSLT With reference to yesterday's teleconference, here's my cut at what the Transformation Algorithms section (7.6) should say about requiring XSLT. ************* It is recognized that in environments where there are significant restraints, resources such as XSLT libraries may not be readily available nor needed by XML Signature implmentations. However, it is also true that XML Signatures will often be processed in environments where access to both XML-parsing and XSLT libraries are available. Because XSLT is expected to be commonly used for deriving the data that is to be signed, implementations are STRONGLY RECOMMENDED to support the <XSLT> transformation element where practical. Note that mplementations which do support XSLT transformations are only REQUIRED to support the functionality REQUIRED by the XSLT Recommendation though they may support optional features as well. ************ Ed
Received on Friday, 8 October 1999 13:42:06 UTC