- From: Richard D. Brown <rdbrown@GlobeSet.com>
- Date: Thu, 8 Apr 1999 16:38:32 -0500
- To: "'John Boyer'" <jboyer@uwi.com>
- Cc: <w3c-xml-sig-ws@w3.org>
John, > > It seems that the signature filter idea could easily be > extended to say that > a signature should 'obtain' a list of resources, which could > then be put in > the signature element by the encoding routine before the hash > is generated. > What you have just depicted is, to some extent, what the XML Digital Signature Proposal recognizes as a Canonicalizer. I wrote "to some extent" because their initial purpose was not really to filter, but to produce a octet-stream representative of the semantics of the element being signed. But, Filter and Canonicalizer are very similar in their functionality - Being given an XML element (which could be the root) on input they produce the digest to be signed. Therefore, considering the flexibility of the Algorithm/Parameter definitions, it should quite straightforward to implement and parameterize an XFDL filter. In addition, the Canonicalizer definition (algorithm id and parameters) is already included in the Manifest of the signature (thence protected). Conclusion: XFDL signs the form element making use of an XFDL canonicalizer which is provided on entry with element exclusion and inclusion patterns. Will this approach make sense to you and address your concerns? Richard D. Brown Software Architect - R&D GlobeSet, Inc. Austin TX - U.S.
Received on Thursday, 8 April 1999 17:38:08 UTC