- From: <noah_mendelsohn@us.ibm.com>
- Date: Tue, 19 Feb 2002 17:57:23 -0500
- To: marc.hadley@sun.com
- Cc: rsalz@zolera.com, xml-dist-app <xml-dist-app@w3.org>
Mark Hadley writes: >> There's more to it than that, the proposed rules allow >> intermediaries to remove mustUnderstand="true|1", >> role=".../ultimateReceiver" attributes for instance. >> This is why the C14N transform would be a useful addition >> to the spec. Agreed. IF the protocols WG finally decides to allow such changes, then there is some value in a canonical form that accounts for them. My concern was about the much more complex proposal to sort headers based on their complete content, etc. Even so, I think that most uses of signature will be over >portions< of a SOAP message. Otherwise, we'd be saying that none of the intermediaries through which the message pass can do anything interesting to change or update the message! So, I think the other pitfall would be to invest design effot in trying to specifically account for the trivial changes that intermediaries will make to a message, but to not anticipate the useful work that they do. I suspect that useful signature systems will be over application-identified collections of header and/or body entries. Bottom line: I think we should carefully articulate the requirements and use cases for canonicalization and signatures before we go too far debating specific designs. I'm not against defining a canonicalization once we know what the success criteria are. Thanks! ------------------------------------------------------------------ Noah Mendelsohn Voice: 1-617-693-4036 IBM Corporation Fax: 1-617-693-8676 One Rogers Street Cambridge, MA 02142 ------------------------------------------------------------------
Received on Tuesday, 19 February 2002 18:11:42 UTC