- From: Rich Salz <rsalz@datapower.com>
- Date: Wed, 05 Feb 2003 13:33:17 -0500
- To: Joseph Swaminathan <jswamina@cisco.com>
- CC: Tom Gindin <tgindin@us.ibm.com>, w3c-ietf-xmldsig@w3.org
> My question is, if there is a content in the XML document we > cannot trust, then shouldnt we, not use it for any purpose. What > situation a data which can't be trusted be useful. Signature validation might be performed by a third-party service that has no knowledge of the signer identities; separating authentication from authorization. Perhaps it might help if you think of validation as a tri-state: trusted, untrusted, and indeterminate. <example removed> Your example can be summarized like this: the organization is using unsigned data in its operations, and that can be hacked. I agree. But that's irrelevant here. /r$
Received on Wednesday, 5 February 2003 13:40:04 UTC