- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Mon, 13 Dec 1999 13:32:25 -0500
- To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
- Cc: w3c-ietf-xmldsig@w3.org, dee3@us.ibm.com

At 09:29 99/12/09 -0500, Donald E. Eastlake 3rd wrote:
><Signature>
> (SignedInfo)
> (SignatureValue)
> (KeyInfo)?
> (Manifest)?
></Signature>

I mulled this over this weekend, and in terms of making improvements but not substantively changing what we have, as a WG member I like the following:

1. Changing ObjectReference to Reference since in cleaning up the spec we are trying to distinguish between a resource and an Object as a specific XML element. (References can point to either).

2. Making Manifest a grouping of References (and only references) that is found inside of SignedInfo. Having a set of References outside called a Manifest, and those inside a SignedInfo is sort of odd, and with this change it provides a bit of syntactical sugar within SignedInfo that helps draw the line between the cryptographic signature application and the reference/manifest application (both of which are part of SignedInfo core).

3. Defining Object as something that sits in Signature (as it does presently) to hold other non-core data, which might be another Manifest or SignedProperties. (If people absolutely want Manifest or SignatureProperty to be at the same level as Object outside of SignedInfo (but in Signature) I can accept that, but I really like using Object as the "non-core" bucket.)

I realize this prevents us from the generality (for instance, of being able to sign an Object directly) but I'd defer on that generality for two reasons:

1. I want to be very clear where core signature data and non-core data go. Placing real data in SignedInfo might confuse things with respect to c14n and "chasing of links" issues. Placing SignatureProperties in SignedInfo might get people thinking in terms of authenticated/non-authenticated attributes and think that by placing it in SignedInfo they are changing the semantics/behaviour of what we specify.

2. Given our schedule, we need to go to last call soon.

_________________________________________________________
Joseph Reagle Jr.
Policy Analyst           mailto:reagle@w3.org
XML-Signature Co-Chair   http://www.w3.org/People/Reagle/

Received on Monday, 13 December 1999 13:32:31 UTC