- From: Blake Dournaee <bdournaee@sarvega.com>
- Date: Fri, 17 Oct 2003 11:36:08 -0700
- To: w3c-ietf-xmldsig@w3.org
Hi Gino, My first impression to your question would be: "Why choose XML Signature to begin with?" XML Signature is great for situations where XML data must be selectively signed based on XML document subsets. The situation that you have described doesn't immediately point to a multi-hop signing environment with multiple intermediate signers. Alternatively, if you are in a situation where you want to authenticate function calls (e.g. a 'true' XML-based Web Service enviornment), you are 'stuck' with the W3C XML Signature in some form another (either the raw standard itself or its use in WS-Security Core). What types of document artifacts do you need to authenticate? Are these function call 'representations' or documents of some format? Of all the XML Security standards, XML Signature is certainly the most mature, but there are some important security concerns to be careful of, especially with regards to transformations. Blake Dournaee Senior Architect Sarvega, Inc.
Received on Friday, 17 October 2003 14:36:11 UTC