W3C home > Mailing lists > Public > w3c-xml-sig-ws@w3.org > April 1999

Re: unparsed entities

From: Joseph M. Reagle Jr. (W3C) <reagle@w3.org>
Date: Wed, 07 Apr 1999 17:22:48 -0400
Message-Id: <>
To: "John Boyer" <jboyer@uwi.com>
Cc: <rdbrown@globeset.com>, "Dsig group" <w3c-xml-sig-ws@w3.org>
At 02:02 PM 4/7/99 -0700, John Boyer wrote:
 >Actually, you are not pushing too far here at all.  This is a real and
 >sticky issue-- a Pandora's Box, if you will. ...
 >In legal circles, it is of value to demonstrate 'best effort' in proving
 >authenticity and authorization of a transaction.  Signed XML can guarantee
 >these things in any context short of assuming that the software used by the
 >signer was 'unauthorized' by the manufacturer but was instead modified
 >specifically to trick the signer....
 >This, of course, is where signed XML stops and signed code starts.

Just as an aside, I think your analysis is quite accurate, we will have to
exercise some degree of discipline so as to not fall into a semantic
rat-hole. (I'm just waiting for a contention to be addressed by someone
saying, "You're just playing semantics... <smile>).

For those interested, last year, I looked at some of the WG consensus,
policy, and legal issues associated with schema design, and ended up
focussing the whole paper on semantics, in a way sometimes parrallel to your
text above. [1] This isn't just an issue common to signed-XML though,
signed-XML just prompts the issue in the most explicit way.

Eskimo Snow and Scottish Rain: Legal Considerations of Schema Design
[1] http://cyber.law.harvard.edu/people/reagle/md-policy-design-19990206.html

         I've already described the benefits of syntactic
         interoperability: any application can understand the
         structure of a document the first time it encounters it.
         Semantic interoperability gives us more. It allows us
         to take the semantics that associate invoking a
         payment application from a <purchase> tag and
         understand and share that as well. Whereas no one
         conceived of online grocery shopping, my agent
         might already be familiar with recipes, as well as
         buying computer parts, there is no reason it can't buy
         ingredients (recipe parts) on-line! The more meaning
         (how to agree, how to invoke, how to buy) we
         capture in computer understandable schemas, the
         more they will be able to help us. The authors of
         [CKR98] described this characteristic well: 

              And yet the ability to combine resources
              that were developed independently is an
              essential survival property of technology in
              a distributed information system.... In his
              keynote address at Seybold San Francisco
              [Berners-Lee, 1996], Tim Berners-Lee
              called this powerful notion "intercreativity".

         Presently, the most reasonable way to define
         operations and methods as part of a schema is to
         rely upon Remote Procedure Calls, object oriented
         network repositories, or computer languages like
         Java. How these might be best integrated into syntax
         and other semantic definition languages is an
         ongoing area of research. 

Joseph Reagle Jr.  W3C:     http://www.w3.org/People/Reagle/
Policy Analyst     Personal:  http://web.mit.edu/reagle/www/
Received on Wednesday, 7 April 1999 17:23:05 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:44:59 UTC