- From: merlin <merlin@baltimore.ie>
- Date: Mon, 03 Sep 2001 18:06:26 +0100
- To: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
- Cc: Joseph Reagle <reagle@w3.org>, w3c-ietf-xmldsig@w3.org
Hi, If we really want to clarify the point, I'd suggest simply appending a sentence to 6.6.4 along the lines of: "This transform may only be applied to a node-set from its parent XML document." Or something like that. XPath already defines this use of here() as an error. Merlin r/geuer-pollmann@nue.et-inf.uni-siegen.de/2001.09.01/17:40:25 >Hi Joseph, > >> Christian/Merlin, I don't recall, did we ever resolve this proposal? > >I actually don't know. For me, it reads like : > > "It's not possible to apply Transforms that produce octet > stream output (like base64 or c14n) prior to > #enveloped-signature transform or an #xpath transform > that uses the here() function. Additionally, it's not > possible to apply #enveloped-signature transform or an > #xpath transform that uses here() to a non-local URI." > >But I am not sure whether this is correct. >Christian > > >Dialog modified for readability: > >>>>>> If you perform c14n/reparse, then you have a new document. >>>>>> Merlin > >>>>> Sorry fo bugging again. Could this be done by saying in the spec: >>>>> >>>>> "It's not possible to apply Transforms that produce octet >>>>> stream output (like base64 or c14n) prior to >>>>> #enveloped-signature transform or an #xpath transform >>>>> that uses the here() function." >>>>> Would this make sense? >>>>> Christian > >>>> That doesn't cover the case of applying the transform to a non-local >>>> URI. At most, a sentence saying that enveloped signature cannot be >>>> applied to a resource other than a node set from the original signature >>>> document. Given that the usage seems nonsensical, I'm not sure that >>>> even this is really necessary. >>>> Merlin > >>> But if I apply #enveloped-signature #xpath with here()-usage to a >>> non-local URI, this is an error, isn't it? >>> Christian > >> Hi Christian, It is. Your statement merely disallowed >> certain transforms, not certain URIs. >> Merlin > > > > >Mit freundlichen Gr=FC=DFen, > >Christian Geuer-Pollmann > > >-------------------------------------------------------------------------- >Institute for Data Communications Systems University of Siegen >Hoelderlinstrasse 3 D-57068 Siegen Germany > >mail: mailto:geuer-pollmann@nue.et-inf.uni-siegen.de >web: <http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/> > ----------------------------------------------------------------------------- Baltimore Technologies plc will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. In addition, certain Marketing collateral may be added from time to time to promote Baltimore Technologies products, services, Global e-Security or appearance at trade shows and conferences. This footnote confirms that this email message has been swept by Baltimore MIMEsweeper for Content Security threats, including computer viruses. http://www.baltimore.com
Received on Monday, 3 September 2001 13:07:13 UTC