- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Thu, 07 Sep 2000 19:34:25 -0400
- To: Brian LaMacchia <bal@microsoft.com>
- Cc: XML DSig <w3c-ietf-xmldsig@w3.org>, Dan Connolly <connolly@w3.org>, "Martin J. Duerst" <duerst@w3.org>
At 18:24 8/29/2000 +0000, Brian LaMacchia wrote: >What should the verifier do in this case? Should it: >a) follow the redirect URL to get the content to feed into the set of >transforms? Ok, I added a sentence in section 4.3.3; the paragraph now reads: XML Signature applications MUST be able to parse URI syntax. We RECOMMEND they be able to dereference URIs in the HTTP scheme. Dereferencing a URI in the HTTP scheme MUST comply with the Status Code Definitions of [HTTP] (e.g., 302, 305 and 307 redirects are followed to obtain the entity-body of a 200 status code response). Martin, you suggested the following: If a resource is identified by more than one URI, the most specific should be used (e.g. http://www.w3.org/2000/06/interop-pressrelease.html.en instead of http://www.w3.org/2000/06/interop-pressrelease). (See the section 3.2.1:Reference Validation for a further information on reference processing.) but given the above, is this where a few URLs are known by the application, or where this is an HTTP 300 Mutliple Choices response? _________________________________________________________ Joseph Reagle Jr. W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/People/Reagle/
Received on Thursday, 7 September 2000 19:34:31 UTC