- From: Ken Goldman <kgold@watson.ibm.com>
- Date: Mon, 6 Nov 2000 15:59:47 -0500
- To: w3c-ietf-xmldsig@w3.org
- CC: Ken Goldman <kgold@watson.ibm.com>
I am reviewing a specification for an application proposing to use XML and DSIG. The application proposes to use the feature of DSIG where the Reference does not have a URI attribute. Paragraph 4.3.3.1 says that "the identity of the object is part of the application context." I have a set of questions. 1 Is this another way of saying "it's up to the application to figure out what the Reference points to." 2 If #1's answer is "yes", would I be correct to assume that such an application could not use a generic DSIG compatible signer or verifier, because this generic software could not resolve the reference? 3 If #2's answer is "yes", isn't this a fairly strong argument for NOT using the "Reference without a URI attribute" feature. 4 If #2's answer is "no", is this because there is an unwritten convention for resolving a Reference without a URI? For example, would a generic signer/verifier assume it points to the whole document, the first element, or something like that? -- Ken Goldman kgold@watson.ibm.com 914-784-7646
Received on Monday, 6 November 2000 15:59:49 UTC