[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded
Hi, some thoughts that came up during a discussion with a colleague: consider this: User constructs an XML document and a corresponding transformation that outputs an HTML version of the XML. The transform embeds some code into the HTML such that the representation of the HTML depends on the one who looks at the HTML. (A verifier might see something completely different than the signer.) The policy says something like "the signer agrees with what he/she saw after the signed transformation was applied to the signed XML" In that case, we're in trouble, and even signing the two representations won't solve the problem. IMHO, the XML and the transform should be signed, and the rest should be left to be specified by people who adopt this standard. They can specify their policies in an appropriate way. The extra attribute with "this is what the user saw" might be a part of the solution. There exist some nice papers about the WISYWIS problem wrt XML and if some TC members are interested, I would be happy to look them up. best regards, Karel.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]