[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded
Trevor, > -----Original Message----- > From: Trevor Perrin [mailto:trevp@trevp.net] > Sent: Friday, March 28, 2003 10:55 PM > To: Nick Pope; karel.wouters@esat.kuleuven.ac.be; > dss@lists.oasis-open.org > Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded > > > At 12:07 PM 3/28/2003 +0000, Nick Pope wrote: > >Content-Transfer-Encoding: 7bit > > > >Trevor, > > > >My concern with the signing of the data after an XSLT transform has > >been applied is that the chances of two independent > implementations of > >XSLT to get exactly the same byte-by-byte value for all > possible styles > >is fairly low, event though they will look the same. > > Is this taken care of by the last paragraph in XML-DSIG 6.6.5 > (http://www.w3.org/TR/xmldsig-core/)? - > > "The output of this transform is an octet stream. The > processing rules for > the XSL style sheet or transform element are stated in the XSLT > specification [XSLT]. We RECOMMEND that XSLT transform authors use an > output method of xml for XML and HTML. As XSLT implementations do not > produce consistent serializations of their output, we further > RECOMMEND > inserting a transform after the XSLT transform to > canonicalize the output. > These steps will help to ensure interoperability of the resulting > signatures among applications that support the XSLT > transform. Note that if > the output is actually HTML, then the result of these steps > is logically > equivalent [XHTML]." Yes, I think this solves almost all problems resulting from slightly different outputs produced by different XSLT engines. I am really curious if Nick had run into problems that cannot be solved by sticking to those recommendations. /Gregor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]