AW: New proposed fix for here()

Hi John,


> I like John's proposal of calculating the XPath expression identifying the
> Signature element.


I agree with Petteri; your proposal to add the XPath expression calculation
to the processing model seems to be the first solution which need not be
as a hack.

> Actually, the thing I don't understand is why we have an
> enveloped transform
> at all.  Clearly, it is not a transform like the others, and we've tried
> hack after hack to get it to work-- without success.  My original thoughts
> on enveloped signatures is that they would be done by XPath
> transforms that
> were specific to the document.

Applause, Applause ;-)

> The only thing I can figure out is that XPath is recommended, not
> required.
> But is that such a big deal.  We recommend XPath because you can do
> enveloped signatures without it, but we don't require it because many can
> get by without enveloped signatures.  If you want enveloped
> signatures, then
> implement the XPath transform and be done with it.  Then, you can
> write the
> XPath expression that omits the Signature by taking into account what
> Transforms you've put beforehand.
> Still, I'll keep thinking about this and bring it up on the
> teleconference.

I am completely with you regarding this issue. People which would like
to use enveloped signatures should utilize a XPath transform taking into
account the very special architecture of the regarding XML document. This
was the way of thinking most of us had (and I personally still have) until
the introduction of the enveloped signature transform.

To summarize my position:

1. Try to get rid of the enveloped signature transform and state that the
   XPath transfrom is required if people would like to deploy enveloped

2. If there are a lot of people who want to preserve the enveloped signature
   transform, then I would vote for your proposal to include the XPath
   expression computation in the processing model.

Regards, Gregor
Gregor Karlinger
Phone +43 316 873 5541
Institute for Applied Information Processing and Communications

Received on Wednesday, 16 August 2000 03:13:12 UTC