OASIS Mailing List Archives

dss message



Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded




> -----Original Message-----
> From: Trevor Perrin [mailto:trevp@trevp.net]
> Sent: 25 March 2003 20:42
> To: Nick Pope; dss@lists.oasis-open.org
> Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded
>
>
>
> At 12:37 PM 3/25/2003 -0800, Trevor Perrin wrote:
>
> >Right, but then I think you need to sign both the XML *and* the
> >transformed, human-readable form.
>
> For example, an XML-DSIG could have 2 references, both to the same
> document, one of which applies a transform to make it human-readable, the
> other of which doesn't.

I was thinking of references to the XML document and the transform.  Having
two copies of the same document raises questions as to which is the
"original" if they differ.

>
> So the transforms (in this and other cases) still might need to be
> protected.  But that raises another question about this use case - is the
> best way to do this by putting the transforms in a ds:Manifest?  I would
> say it's better to include them as a signed attribute, so you're
> guaranteed that they're verified by a relying party.

I'm not sure I get the significance of putting them in an attribute.  Why
does this give greater assurance that the relying party will verify it?
This is an issue that should be controlled through the user's policy, not
the standard.  It is a question of risk whether a relying party would depend
on the integrity of the style sheet.  It may be that, even if the style sheet
is corrupted, it is less risk to act on the XML than ignore it (e.g. if
I received a "retreat" message I think that I would act on it even if the
style sheet was corrupt.)

Nick
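
The trade-off discussed in this message, as an added example that is not part of the original e-mail: in XML-DSig, core validation checks every reference in ds:SignedInfo, while checking the references inside a ds:Manifest is left to the application. This is a simplified model, assuming an HMAC in place of the signer's public-key signature and JSON in place of canonical XML; all names, the key and the sample documents are constructed.

```python
import hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed; stands in for the signer's key

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def canon(obj) -> bytes:
    # Stand-in for XML canonicalization: deterministic JSON bytes.
    return json.dumps(obj, sort_keys=True).encode()

def mac(signed_info) -> str:
    return hmac.new(KEY, canon(signed_info), hashlib.sha256).hexdigest()

def sign(doc: bytes, style: bytes, style_in_manifest: bool) -> dict:
    style_ref = {"uri": "style.xsl", "digest": digest(style)}
    signed_info = [{"uri": "order.xml", "digest": digest(doc)}]
    manifest = []
    if style_in_manifest:
        manifest = [style_ref]
        # SignedInfo covers the Manifest element, not the stylesheet bytes.
        signed_info.append({"uri": "#manifest", "digest": digest(canon(manifest))})
    else:
        signed_info.append(style_ref)
    return {"signed_info": signed_info, "manifest": manifest, "value": mac(signed_info)}

def core_validate(sig: dict, resources: dict) -> bool:
    """Signature value plus every SignedInfo reference; Manifest entries are not dereferenced."""
    if not hmac.compare_digest(sig["value"], mac(sig["signed_info"])):
        return False
    for ref in sig["signed_info"]:
        data = canon(sig["manifest"]) if ref["uri"] == "#manifest" else resources.get(ref["uri"], b"")
        if digest(data) != ref["digest"]:
            return False
    return True

def manifest_failures(sig: dict, resources: dict) -> list:
    """Application-level step: URIs of Manifest references whose digest no longer matches."""
    return [r["uri"] for r in sig["manifest"]
            if digest(resources.get(r["uri"], b"")) != r["digest"]]

DOC = b"<order><action>retreat</action></order>"          # constructed sample
STYLE = b"<xsl:stylesheet>original</xsl:stylesheet>"       # constructed sample
TAMPERED = {"order.xml": DOC, "style.xsl": b"<xsl:stylesheet>altered</xsl:stylesheet>"}
```

With the stylesheet referenced directly, `core_validate` rejects `TAMPERED`; with it in the manifest, core validation passes and `manifest_failures` tells the relying party's policy which resource changed.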



