- From: Richard D. Brown <rdbrown@GlobeSet.com>
- Date: Wed, 7 Apr 1999 19:20:19 -0500
- To: "'John Boyer'" <jboyer@uwi.com>
- Cc: "'Dsig group'" <w3c-xml-sig-ws@w3.org>
John, > If, on the other hand, a signature manifest states that > certain external > entities should be packaged into the signature element as > subelements, then A signature Manifest does not drive the signature computation process. It only reports about it so that signature verification can be done. The Manifest consists of the element that is actually authenticated. Authentication of other elements is indirect (at least in my proposal). However, you raise one point that is quite interesting: should we provide the ability to identify authenticated resources in the Manifest either by means of a reference (XML Link and Hash) or by value (package sub-element)? This is a bit different from what I have proposed: packaging can be done but outside the Manifest. Nonetheless, this does not really change my opinion regarding the fact that the Signature Standard shall not require the signature engine to "chase" given external entities. Somewhere I feel that our divergence may be due to different concept regarding the API that is used at the end. Are you contemplating something so that in final you sign an XML document that is input as a stream in the signature engine? SignatureEngine engine =new SignatureEngine(); engine.setParameter(...); engine.encode(inputStream, outputStream); // envelope approach (i.e. S/MIME) Or do you envision something where you explicitly indicate the elements (or resources) that should be authenticated? Signature sig =new Signature(); sig.setParameter(...); sig.addResource(element1); sig.addResource(element2); Element xsig =sig.encode(); -- Please apologize for these nasty code snippets. They are strictly intended for illustrative purposes. -- In the first case, the standard must specify global attributes to identify which elements must be authenticated. In the second case, this is the matter of the application layer to identify these elements. Which approach has been adopted for XFDL? Sincerely, Richard D. Brown Software Architect - R&D GlobeSet, Inc. Austin TX - U.S.
Received on Wednesday, 7 April 1999 20:19:48 UTC