- From: Umut Alev <umutalev@microsoft.com>
- Date: Tue, 31 Aug 2004 09:48:53 -0700
- To: "Pichler Thomas" <thomas.pichler@docuware.com>, <w3c-ietf-xmldsig@w3.org>
Simply stating URI="SignedThisFile.doc" would not work. User has to give an Object representing the SignedThisFile.doc to the MSXML-DSIG. MSXML-DSIG is the native implementation of XML-DSIG for Microsoft Office 11 which shipped in 2003 used in InfoPath. Regards, - Umut Alev Microsoft Software Design Engineer http://msdn.microsoft.com/xml/ -----Original Message----- From: Pichler Thomas [mailto:thomas.pichler@docuware.com] Sent: Tuesday, August 31, 2004 4:41 AM To: Umut Alev; w3c-ietf-xmldsig@w3.org Subject: RE: Relative URI for Detached Signatures Dear Umut Alev, thank you very much for this information. I understand that custom URI resolving is possible with the MSXML implementation of XML-DSIG. Did you also mean with your statement that relative URI like, for example, URI = "SignedThisFile.doc", are supported by MSXML-DSIG? Can I add a Reference like this and successfully create & verify the signature? What's the relation between .NET XML-DSIG and MSXML-DSIG? Is the former a (partial) wrapper of the latter? Or are these two independent implementations? Kind regards, Thomas Pichler -----Original Message----- From: Umut Alev [mailto:umutalev@microsoft.com] Sent: Saturday, August 28, 2004 1:26 AM To: Umut Alev; Pichler Thomas; w3c-ietf-xmldsig@w3.org Subject: RE: Relative URI for Detached Signatures See for more information on how MSXML does this: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/xmlsdk/ html/xmmth_setreferencedata.asp Umut Alev Microsoft Software Design Engineer http://msdn.microsoft.com/xml/ ________________________________ From: Umut Alev Sent: Fri 8/27/2004 4:16 PM To: Pichler Thomas; w3c-ietf-xmldsig@w3.org Subject: RE: Relative URI for Detached Signatures Actually what you mention is can be solved at the application level. If application resolves the URIs. If the application has a mapping mechanizim, and URI can be mapped to any input file. ________________________________ From: w3c-ietf-xmldsig-request@w3.org on behalf of Pichler Thomas Sent: Fri 8/27/2004 9:17 AM To: w3c-ietf-xmldsig@w3.org Subject: Relative URI for Detached Signatures We would like to apply XML-DSIG for enabling detached signatures on the documents managed by our DMS. However, we have a severe problem: We cannot put absolute URI into References because signature files (.xml) and signed data files (of any type) will definitely move! For example, they will be placed in different directories on different clients that check the documents out. The signatures shall remain verifiable in any context. After all, moving a file does not change its content and shouldn't affect any signatures on it. We think that relative URI (plain file names) should be used as References and be resolved to absolute URI in the given context. We've already seen some postings in this forum that ask for just that. However, we still haven't got a clear picture how far relative URI are covered or asked for by the XML-DSIG spec. They seem to be covered since any URI may be used as Reference and since a URI, according to its spec, may be relative. We know, at this time, that the .NET 1.1 implementation does not support them while a couple of other implementations do, for example the one from Ubisecure. Is there anybody out there who already has a clear picture regarding relative URI for detached signatures? Assuming that encoding and embedding the signed data is not an option for large documents, and that most of us live in a world where files move, we wonder how other people apply detached XML signatures. - Not at all? Thomas Pichler Manager Research & Development ________________________________ DocuWare AG Therese-Giehse-Platz 2 D-82110 Germering Germany Tel.: +49 (0)89/89 44 33-0 Fax: +49 (0)89/841 99 66
Received on Tuesday, 31 August 2004 17:41:23 UTC