- From: Michael McIntosh <mikemci@us.ibm.com>
- Date: Wed, 16 Nov 2005 10:30:36 -0500
- To: Josseline <anders.rundgren@telia.com>
- Cc: w3c-ietf-xmldsig@w3.org, w3c-ietf-xmldsig-request@w3.org
Why not just provide a single ds:Signature using standard canonicalization with one ds:Reference to the XML document and one ds:Reference to the Schema document? Binds the document to the schema and therefore the schema provided content. Josseline <anders.rundgren@telia.com> Sent by: w3c-ietf-xmldsig-request@w3.org 11/16/2005 10:17 AM Please respond to Josseline To w3c-ietf-xmldsig@w3.org cc Subject Schema centric canonicalization - Need and status Hi, I'm working with standard for "Web Signing" [*]. In this work XML Schemas has been used extensively and together with XML DSig. However, it seems that not even exclusive canonicalization is really fit for the task as it is not designed for schema-defined instance documents. At least default attributes seems to break the current canonicalization algorithms. Essentially I have two options. Cripple schemas or invent a new algorithm. None of these alternatives appear very tempting but I'm leaning towards the latter as the "patch" needed is fairly small. Comments? Anders Rundgren *] The ability to in a browser sign a transation request or a static document, presented by a service provider.
Received on Wednesday, 16 November 2005 15:30:46 UTC