- From: Pichler Thomas <thomas.pichler@docuware.com>
- Date: Fri, 27 Aug 2004 18:17:56 +0200
- To: <w3c-ietf-xmldsig@w3.org>
- Message-ID: <2936BA9421415644969DED47300508A5011F01A6@dwexchange>
We would like to apply XML-DSIG for enabling detached signatures on the documents managed by our DMS. However, we have a severe problem: We cannot put absolute URI into References because signature files (.xml) and signed data files (of any type) will definitely move! For example, they will be placed in different directories on different clients that check the documents out. The signatures shall remain verifiable in any context. After all, moving a file does not change its content and shouldn't affect any signatures on it. We think that relative URI (plain file names) should be used as References and be resolved to absolute URI in the given context. We've already seen some postings in this forum that ask for just that. However, we still haven't got a clear picture how far relative URI are covered or asked for by the XML-DSIG spec. They seem to be covered since any URI may be used as Reference and since a URI, according to its spec, may be relative. We know, at this time, that the .NET 1.1 implementation does not support them while a couple of other implementations do, for example the one from Ubisecure. Is there anybody out there who already has a clear picture regarding relative URI for detached signatures? Assuming that encoding and embedding the signed data is not an option for large documents, and that most of us live in a world where files move, we wonder how other people apply detached XML signatures. - Not at all? Thomas Pichler Manager Research & Development ________________________________ DocuWare AG Therese-Giehse-Platz 2 D-82110 Germering Germany Tel.: +49 (0)89/89 44 33-0 Fax: +49 (0)89/841 99 66
Received on Friday, 27 August 2004 16:22:44 UTC