- From: Joseph Reagle <reagle@w3.org>
- Date: Mon, 28 Jan 2002 15:21:26 -0500
- To: "Karl Scheibelhofer" <Karl.Scheibelhofer@iaik.at>, "'John Boyer'" <JBoyer@PureEdge.com>, "'merlin'" <merlin@baltimore.ie>
- Cc: <w3c-ietf-xmldsig@w3.org>

On Monday 28 January 2002 13:17, Karl Scheibelhofer wrote:
> yes, i use three references in each signature. those look like this:

Ok.

> c%20./ancestor::dsig:Signature%5b1%5d/child::dsig:Object/child::aida:pro
> perties/child::aida:signedProperties//@*%20%7c%20./ancestor::dsig:Signat
> ure%5b1%5d/child::dsig:Object/child::aida:properties/child::aida:signedP
> roperties//namespace::*)">

Well, having a transform such that these expressions can be easily expressed without character escaping would be one benefit -- much more readable! <smile/>

> each of these parallel
> signatures uses the same XPointer references, because the XPointers are
> relative.

How is the relativity achieved? I note you are using "./ancestor" instead of "here()/ancestor". In XPtr isn't your context location [1] still initialized to the root node?

[1] http://www.w3.org/TR/xptr/#context

> i think i could live without this omission filters, because i cannot
> imagine a reasonable other use-case for them. who needs a filter like
> "just sign all attributes which's name is ..."?

The motivating scenario was of signing a form whereby I want to sign the whole form except a few of the fields where the recipient might enter their own information. This isn't easily accomplished via subtrees.

> the signature is never part of the signed document. consequently, i
> structure my documents that this is really the case. this means, the
> signature is never the descendant of any of its signed elements. in my
> use-case the signature is a sibling of the signed content, if it is
> inside the same document. and if the signature is detached, there is no
> problem anyway.
> putting all signed data into the Object element of a signature and then
> signing the complete document excluding the signature itself, is "not a
> nice design" putting it mildly.

Ok, thank you! Understanding folks' deployment scenarios is very useful.

--
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Monday, 28 January 2002 15:21:33 UTC
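
The form scenario from the message above, sketched as an added example (not code from this thread or from the XML-Signature specification). It uses Python's `xml.etree.ElementTree.canonicalize` (C14N 2.0) with `exclude_tags` as a stand-in for the omission filter under discussion; the form, its element names and the `OMITTED` set are constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample form: the sender fills in <payee> and <amount>;
# the recipient is expected to fill in the two recipient* fields later.
FORM = """<form>
  <payee>Example Corp</payee>
  <amount currency="USD">100.00</amount>
  <recipientNote/>
  <recipientDate/>
</form>"""

# Hypothetical policy: elements left out of the digest input.
OMITTED = frozenset({"recipientNote", "recipientDate"})


def canonical_without(xml_text, omitted=OMITTED):
    """Canonical serialization of the document with the omitted elements dropped."""
    return ET.canonicalize(xml_text, strip_text=True, exclude_tags=omitted)


def digest_with_omissions(xml_text, omitted=OMITTED):
    """SHA-256 over the canonical form; this is the value a signature would cover."""
    return hashlib.sha256(canonical_without(xml_text, omitted).encode("utf-8")).hexdigest()


def unauthenticated_fields(xml_text, omitted=OMITTED):
    """Content of the omitted elements. Nothing here is covered by the digest,
    so a verifier has to treat it as unsigned input."""
    root = ET.fromstring(xml_text)
    return {el.tag: (el.text or "") for el in root.iter() if el.tag in omitted}


if __name__ == "__main__":
    signed = digest_with_omissions(FORM)
    filled = FORM.replace("<recipientNote/>", "<recipientNote>received in full</recipientNote>")
    tampered = FORM.replace("100.00", "900.00")
    print("recipient filled in a field:", digest_with_omissions(filled) == signed)
    print("signed amount was changed:  ", digest_with_omissions(tampered) == signed)
    print("unsigned content:", unauthenticated_fields(filled))
```
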