[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded
I agree with what you say. I would welcome references to the papers on WYSIWYS that you mention. Nick > -----Original Message----- > From: karel.wouters@esat.kuleuven.ac.be > [mailto:karel.wouters@esat.kuleuven.ac.be] > Sent: 26 March 2003 12:12 > To: dss@lists.oasis-open.org > Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded > > > Hi, some thoughts that came up during a discussion with a > colleague: consider this: User constructs an XML document and a > corresponding transformation that outputs an HTML version of the > XML. The transform embeds some code into the HTML such that the > representation of the HTML depends on the one who looks at the > HTML. (A verifier might see something completely different than > the signer.) The policy says something like "the signer agrees > with what he/she saw after the signed transformation was applied > to the signed XML" In that case, we're in trouble, and even > signing the two representations won't solve the problem. IMHO, > the XML and the transform should be signed, and the rest should > be left to be specified by people who adopt this standard. They > can specify their policies in an appropriate way. The extra > attribute with "this is what the user saw" might be a part of the > solution. There exist some nice papers about the WISYWIS problem > wrt XML and if some TC members are interested, I would be happy > to look them up. best regards, Karel. > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]