[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded
Trevor, > -----Original Message----- > From: Trevor Perrin [mailto:trevp@trevp.net] > Sent: Tuesday, March 25, 2003 9:38 PM > To: Nick Pope; dss@lists.oasis-open.org > Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded > > > > Right, but then I think you need to sign both the XML *and* the > transformed, human-readable form. > > As described, Gregor's use case only signs the transformed, > human-readable > form (which is produced from the XML by transforms, but > that's not the same > as signing the XML). > > Trevor No, my use case signes the "transforms process output data", as normally done by a XMLDSIG signature, *and in addition* it signes all the transforms process information which is not already part of the XMLDSIG signature. Now if the relying party has the "transforms process input data", and wants to check if the signing party has taken this "transforms process input data", has applied a specific transforms process, and then signed the resulting bytes (the "transforms process output data"), this check can be done since all the info used by the signing party to compute the transforms process is secured by the signature. /Gregor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]