RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded

["Gregor Karlinger" <gregor.karlinger@cio.gv.at>]

Karel,

> -----Original Message-----
> From: karel.wouters@esat.kuleuven.ac.be 
> [mailto:karel.wouters@esat.kuleuven.ac.be] 
> Sent: Wednesday, March 26, 2003 1:12 PM
> To: dss@lists.oasis-open.org
> Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded
> 
> 
> Hi,
> 
> some thoughts that came up during a discussion with a colleague:
> 
> consider this:
> User constructs an XML document and a corresponding 
> transformation that outputs an HTML version of the XML. The 
> transform embeds some code into the HTML such that the 
> representation of the HTML depends on the one who looks at 
> the HTML. (A verifier might see something completely 
> different than the signer.) The policy says something like 
> "the signer agrees with what he/she saw after the signed 
> transformation was applied to the signed XML"
> 
> In that case, we're in trouble, and even signing the two 
> representations won't solve the problem.

At least in my use case, which has been the starting point
of this discussion, this scenario does not cause any problems:

The verifier of the signature is the same entity as the one
that let the signer sign the XML/HTML. Therefore the verifier
alleges the transforms (and consequently the stylesheets) to
be applied to the XML.

/Gregor

> IMHO, the XML and the transform should be signed, and the 
> rest should be left to be specified by people who adopt this 
> standard. They can specify their policies in an appropriate 
> way. The extra attribute with "this is what the user saw" 
> might be a part of the solution.
> 
> There exist some nice papers about the WISYWIS problem wrt 
> XML and if some TC members are interested, I would be happy 
> to look them up.
> 
> best regards,
> 
> Karel.
> 
>

smime.p7s