[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded
Yes - although the URI would also be a good idea. That is what I think is being suggested by including the stylesheet in the manifest. Nick > -----Original Message----- > From: jmessing [mailto:jmessing@law-on-line.com] > Sent: 25 March 2003 20:42 > To: Nick Pope; dss@lists.oasis-open.org; Trevor Perrin > Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded > > > Wouldn't a hash of the stylesheet included as part of the signed > data suffice to identify the stylesheet? > > ---------- Original Message ---------------------------------- > From: Trevor Perrin <trevp@trevp.net> > Date: Tue, 25 Mar 2003 12:42:09 -0800 > > > > >At 12:37 PM 3/25/2003 -0800, Trevor Perrin wrote: > > > >>Right, but then I think you need to sign both the XML *and* the > >>transformed, human-readable form. > > > >For example, an XML-DSIG could have 2 references, both to the same > >document, one of which applies a transform to make it > human-readable, the > >other of which doesn't. > > > >So the transforms (in this and other cases) still might need to be > >protected. But that raises another question about this use case > - is the > >best way to do this by putting the transforms in a ds:Manifiest? > I would > >say it's better to include them as a signed attribute, so you're > guaranteed > >that they're verified by a relying party. > > > >Trevor > > > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]