RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded

["Gregor Karlinger" <gregor.karlinger@cio.gv.at>]

Trevor,

> -----Original Message-----
> From: Trevor Perrin [mailto:trevp@trevp.net] 
> Sent: Tuesday, March 25, 2003 9:38 PM
> To: Nick Pope; dss@lists.oasis-open.org
> Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded
> 
> 
> 
> Right, but then I think you need to sign both the XML *and* the 
> transformed, human-readable form.
> 
> As described, Gregor's use case only signs the transformed, 
> human-readable 
> form (which is produced from the XML by transforms, but 
> that's not the same 
> as signing the XML).
> 
> Trevor

No, my use case signes the "transforms process output data", 
as normally done by a XMLDSIG signature, *and in addition*
it signes all the transforms process information which is
not already part of the XMLDSIG signature.

Now if the relying party has the "transforms process input data",
and wants to check if the signing party has taken this "transforms
process input data", has applied a specific transforms process, 
and then signed the resulting bytes (the "transforms process output
data"), this check can be done since all the info used by the 
signing party to compute the transforms process is secured by
the signature.

/Gregor

smime.p7s