- From: Andreas Schmidt <aschmidt@darmstadt.gmd.de>
- Date: Tue, 04 Jan 2000 12:07:39 +0100
- To: Gregor.Karlinger@iaik.at, XMLDSig WG mailing list <w3c-ietf-xmldsig@w3.org>
Gregor Karlinger wrote: > Andreas Schmidt wrote: > > >> URI="" must be used in conjunction with either IDREF or an XPath transform. > > > Either that or it is core behavior to omit the contents of > > SignatureValue in > > that case. > > I think it should be clear that in this case an additional XPath transform > has to be applied to exclude the Signature. I don't think it is necessary to > state this as core behaviour. The only thing which is clear is that self-referential sigantures will never validate. I think this problem and any solution the standard provides should be explained somewhere - may it be core behavior definition, a recommendation to application designers, or at least application examples. Nevertheless, since signing 'this' document seems to me to be a quite common case, so why not provide standard means to cope with it? To define exclusion of SignatureValue as core behavior is the simplest way to achieve this. > > Btw two minor editing points: > > > > 1. sec. 2.3 defines URI/IDREF as exclusive alternatives > > > > <Reference (URI=|IDREF=)? Type=?> > > > > in contrast to sec. 3.3.3 > > I don't see a contradiction here. In [1], sec. 3.3.3. you can find: > > "The URI/IDREF attribute identifies a data object using a URI [URI] or IDREF [XML]." Right. This was only in conflict with John's idea of using URI and IDREF jointly to solve the problem above. > [1] http://www.w3.org/Signature/Drafts/WD-xmldsig-core-20000104/
Received on Tuesday, 4 January 2000 06:07:13 UTC