Attributes Re: what does a signature mean ? (standard vocabulary) from dee3@us.ibm.com on 1999-04-19 (w3c-xml-sig-ws@w3.org from April 1999)

From: <dee3@us.ibm.com>
Date: Mon, 19 Apr 1999 14:39:04 -0400
To: "'XML-sig group'" <w3c-xml-sig-ws@w3.org>
Message-ID: <85256758.006B14CD.00@D51MTA10.pok.ibm.com>

There are a number of suggestions for labeling signature meaning and a
suggestion of a separate WG to do this.  As long as there is a place for
attributes in the signature, you can always put such labels there.

Along these lines, there was the argument at the workshop about whether to
allow attributes in the signature element.  IE, can you have attributes and
possibly multiple resource pointers and hashes within the signature element
or are you restricted to having a single pointer to and hash of an
intermediate block that can have attributes and/or multiple resouces.  I
still can't see why simplifying the signature block like that is worth the
additional complexity of having this added intermediate block...

Thanks,
Donald

Donald E. Eastlake, 3rd
17 Skyline Drive, Hawthorne, NY 10532 USA
dee3@us.ibm.com   tel: 1-914-784-7913, fax: 1-914-784-3833

home: 65 Shindegan Hill Road, RR#1, Carmel, NY 10512 USA
dee3@torque.pothole.com   tel: 1-914-276-2668



Martin Lee <m.lee@andtech.co.uk> on 04/19/99 11:46:48 AM

To:   "'XML-sig group'" <w3c-xml-sig-ws@w3.org>
cc:    (bcc: Donald Eastlake/Hawthorne/IBM)
Subject:  what does a signature mean ? (standard vocabulary)





I missed the subtlety, others will misunderstand too unless its made
clear in the specification.

Singing a document, or part of a document means different things to
different people, from I've seen it, to I believe this to be true, to I
legally
commit myself to this transaction.

I propose that a set of standard vocabulary be suggested, to be included
as an attribute to the digital signature.

The default being (jn the absence of any other assertion):
The keyholder has 'touched' or 'received' the signed data.

Then in ascending order of commitment:
The keyholder has read the signed data.
The keyholder has read and agrees with the signed data.
The keyholder believes the signed data to be correct.
The keyholder believes the signed data to be correct and to be legally
bound by it.

The first three should cover creating audit trails of who has received/seen
a document.
The forth expresses what I wish to say in signing metadata describing
documents.
The fifth I hope to come close to what the e-commerce people need to assert
in thier
documents.

What do people think?

Martin

Martin Lee
AND Data Ltd.
Oxford
UK

Received on Monday, 19 April 1999 15:30:10 UTC