- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Thu, 05 Jul 2001 12:00:37 -0400
- To: "Gregor Karlinger" <gregor.karlinger@iaik.at>
- Cc: "merlin" <merlin@baltimore.ie>, "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>, <AMIR@newgenpay.com>, "Dsig \(E-mail\)" <w3c-ietf-xmldsig@w3.org>
- Message-Id: <4.3.2.7.2.20010705112653.00ba09f0@localhost>
[As an aside ...] At 10:21 7/5/2001, Gregor Karlinger wrote: >As Armir has described his problem, he wants to use the DateTime to make a >statement on the version of a data object, and I would not consider this as >a property of the signature. SignatureProperty is a "translation" of sorts of how one would describe a resource in RDF [1]. (Similar grammar, different syntax). Because xmldsig had a large amount of xml and character processing that's difficult to model/represent in RDF concisely -- and people weren't keen on it at the time -- xmldsig is not in rdf syntax. So we invented a SignatureProperty tag that looks a lot like an <rdf:Description about="URI"> with a specific semantic: data about the signature. In xmldsig such "semantics" are optional and minimal, otherwise it's up to the application. Of course, at the application level I'm seeing all manner of kludging together "assertions", signature and signed object fields for describing things -- and it's pretty ugly. When you get into the description of resources and assertions (instead of processing XML, charsets, encodings, node-sets, XPath, etc.) that's RDF's strong point! The attachment is an RDF description of an object, using the well known Dublin Core metadata vocabulary [2] plus a signature on that object. (One could, of course, sign the statement itself including the description via an enveloped transform.) IMHO, the glue between xmldsig and the "semantic web" [3] needs work, but that work is more comprehensible and scales better (though's there a larger learning curve at the start) than innumerable different and incomplete ways of describing and asserting things (which seems easier at the start because one need only invent 4 tags for my app and write application logic to deal with them -- but what happens when you want to use other description/assertions in other syntaxes, or you want to extend your own?) [1] http://rdfweb.org/2000/08/why/ [2] http://dublincore.org/ [3] http://www.w3.org/DesignIssues/Semantic.html
-- Joseph Reagle Jr. http://www.w3.org/People/Reagle/ W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature W3C XML Encryption Chair http://www.w3.org/Encryption/2001/
Attachments
- text/plain attachment: rdf-sign.txt
Received on Thursday, 5 July 2001 12:04:56 UTC