[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded
Karel, > -----Original Message----- > From: karel.wouters@esat.kuleuven.ac.be > [mailto:karel.wouters@esat.kuleuven.ac.be] > Sent: Wednesday, March 26, 2003 1:12 PM > To: dss@lists.oasis-open.org > Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded > > > Hi, > > some thoughts that came up during a discussion with a colleague: > > consider this: > User constructs an XML document and a corresponding > transformation that outputs an HTML version of the XML. The > transform embeds some code into the HTML such that the > representation of the HTML depends on the one who looks at > the HTML. (A verifier might see something completely > different than the signer.) The policy says something like > "the signer agrees with what he/she saw after the signed > transformation was applied to the signed XML" > > In that case, we're in trouble, and even signing the two > representations won't solve the problem. At least in my use case, which has been the starting point of this discussion, this scenario does not cause any problems: The verifier of the signature is the same entity as the one that let the signer sign the XML/HTML. Therefore the verifier alleges the transforms (and consequently the stylesheets) to be applied to the XML. /Gregor > IMHO, the XML and the transform should be signed, and the > rest should be left to be specified by people who adopt this > standard. They can specify their policies in an appropriate > way. The extra attribute with "this is what the user saw" > might be a part of the solution. > > There exist some nice papers about the WISYWIS problem wrt > XML and if some TC members are interested, I would be happy > to look them up. > > best regards, > > Karel. > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]