- From: Manoj K. Srivastava <manoj@infomosaic.com>
- Date: Fri, 27 Aug 2004 09:39:01 -0700
- To: "'Pichler Thomas'" <thomas.pichler@docuware.com>
- Cc: <w3c-ietf-xmldsig@w3.org>
- Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA511mp3BH1BGh7VBMul7RbcKAAAAQAAAA>
Hello Thomas, Infomosaic SecureXML Digital Signature allows detached signatures to be created and simply keeps the file name (excluding the path) as the URI attribute of the <Reference> element. During signature verification, you can set the path to the actual file by setting an object property. You can try to verify the attached signed file by saving both the word and the xml files to disk and pointing your browser to http://www.infomosaic.net/XMLVerify.asp (you would need to install the SecureXML trial software on your computer first, which you can get by visiting http://www.infomosaic.net/TrialLicense.htm). The supreme court of Canada is using SecureXML in the above fashion for their e-filing application as the documents being signed are sometimes larger than 450 MB in size. Another feature of SecureXML which comes handy for such large files is the ability to calculate the digest on the server and simply have the digest signed on the client machine. Hope the above helps. If you need additional information, please let me know. Best Regards, Manoj _____ From: w3c-ietf-xmldsig-request@w3.org [mailto:w3c-ietf-xmldsig-request@w3.org] On Behalf Of Pichler Thomas Sent: Friday, August 27, 2004 9:18 AM To: w3c-ietf-xmldsig@w3.org Subject: Relative URI for Detached Signatures We would like to apply XML-DSIG for enabling detached signatures on the documents managed by our DMS. However, we have a severe problem: We cannot put absolute URI into References because signature files (.xml) and signed data files (of any type) will definitely move! For example, they will be placed in different directories on different clients that check the documents out. The signatures shall remain verifiable in any context. After all, moving a file does not change its content and shouldn't affect any signatures on it. We think that relative URI (plain file names) should be used as References and be resolved to absolute URI in the given context. We've already seen some postings in this forum that ask for just that. However, we still haven't got a clear picture how far relative URI are covered or asked for by the XML-DSIG spec. They seem to be covered since any URI may be used as Reference and since a URI, according to its spec, may be relative. We know, at this time, that the .NET 1.1 implementation does not support them while a couple of other implementations do, for example the one from Ubisecure. Is there anybody out there who already has a clear picture regarding relative URI for detached signatures? Assuming that encoding and embedding the signed data is not an option for large documents, and that most of us live in a world where files move, we wonder how other people apply detached XML signatures. - Not at all? Thomas Pichler Manager Research & Development ________________________________ DocuWare AG Therese-Giehse-Platz 2 D-82110 Germering Germany Tel.: +49 (0)89/89 44 33-0 Fax: +49 (0)89/841 99 66
Attachments
- application/msword attachment: Business_Forms.doc
- text/xml attachment: fileSigned.xml
Received on Friday, 27 August 2004 16:42:21 UTC