OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

dss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded

At 04:43 PM 3/25/2003 +0100, Gregor Karlinger wrote:

>Robert & Trevor,
>
>I would like to make a clarification regarding the use case
>"Securing The Transform Chain" I have submitted to the group:
>
>It seems that in the requirements draft there is a mix up of
>two different stories:
>
>   1. The use case "Securing The Transform Chain" (which has
>      been the first part of my message "Use cases and
>      requirements input" sent to the list on Wed, 15 Jan
>      2003 [1].
>
>
>   2. A collection of requirements regarding digital signature
>      services in general (which comprise the second part of
>      that message).

Okay.  I think all your general requirements are incorporated into section 
3, in various places.  So we should change 2.7 to just mention the 
particular aspects of your use case.  I have a question about the use case, 
though:

You mention using transforms to make XML data human readable (by turning it 
into HTML, say), and then signing the XML data along with the transforms, 
so the relying party can reconstruct exactly what the signer saw when he 
was signing.

But then the XML data isn't really signed, so the relying party can't do 
anything with the XML itself - the transform might have turned the XML into 
something completely different.  So if all this accomplishes is 
transmitting signed HTML, why not just send signed HTML in the first place?

It seems that, if you want the relying party to process XML, the XML itself 
needs to be signed, not a transformed, human-readable version of 
it.  Presenting the to-be-signed data to the signer in an agreeable format 
is the problem of the signer's application software.

Now if that software wanted to add a signed attribute containing the HTML, 
or some transforms on the XML, to specify "this is what the signer actually 
saw", that might be a good idea, and could be used to resolve disputes 
about the signer's intent.  Should we modify the use case to something like 
that?

Trevor

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]