[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded
Gregor, I looked into my "archives" and to my surprise, I only had two things on WYSIWYS. You know of them, but I include the refs for the TC. the CMS 2001 paper of Karl Scheibelhofer: What You See Is What You Sign - Trustworthy Display of XML Documents for Signing and Verification", Proceedings of CMS 2001 Conference, Darmstadt, Germany, 21-22 May 2001, pp. 3-13, Kluwer Academic Publishers, ISBN 0-7923-7365-0. his RSA conference paper "What You See Is What You Sign", Proceedings of the RSA Conference 2001 Europe (Online), 15-18 October 2001, Amsterdam, Netherlands. and his Ms. thesis: "Signing XML Documents and the Concept of WYSIWYS" http://www.iaik.tugraz.at/teaching/11_diplomarbeiten/archive/scheibelhofer.pdf Work that is, I guess, related to the AIDA project: http://aida.infonova.at/aida.htm best regards, Karel. On Sun, 30 Mar 2003, Gregor Karlinger wrote: > Karel, > > yes, refs to papers on WYSIWYS would be fine (I am curious about the > sources of those papers - maybe from a EU project IAIK participated?) > > Regards, > Gregor > > > > -----Original Message----- > > From: Nick Pope [mailto:pope@secstan.com] > > Sent: Wednesday, March 26, 2003 2:35 PM > > To: karel.wouters@esat.kuleuven.ac.be; dss@lists.oasis-open.org > > Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded > > > > > > I agree with what you say. > > > > I would welcome references to the papers on WYSIWYS that you mention. > > > > Nick > > > > > -----Original Message----- > > > From: karel.wouters@esat.kuleuven.ac.be > > > [mailto:karel.wouters@esat.kuleuven.ac.be] > > > Sent: 26 March 2003 12:12 > > > To: dss@lists.oasis-open.org > > > Subject: RE: [dss] Groups - > > dss-requirements-1.0-draft-02.doc uploaded > > > > > > > > > Hi, some thoughts that came up during a discussion with a > > > colleague: consider this: User constructs an XML document and a > > > corresponding transformation that outputs an HTML version of the > > > XML. The transform embeds some code into the HTML such that the > > > representation of the HTML depends on the one who looks at the > > > HTML. (A verifier might see something completely different than > > > the signer.) The policy says something like "the signer agrees > > > with what he/she saw after the signed transformation was applied > > > to the signed XML" In that case, we're in trouble, and even > > > signing the two representations won't solve the problem. IMHO, > > > the XML and the transform should be signed, and the rest should > > > be left to be specified by people who adopt this standard. They > > > can specify their policies in an appropriate way. The extra > > > attribute with "this is what the user saw" might be a part of the > > > solution. There exist some nice papers about the WISYWIS problem > > > wrt XML and if some TC members are interested, I would be happy > > > to look them up. best regards, Karel. > > > > > > > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]