[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss] Comments on Core WD 01 3 Oct 03
At 06:15 PM 10/15/2003 -0400, Rich Salz wrote: > > Drop the <DocumentURI> and just have <Document> and <DocumentHash>? > >yes. > > > I dunno.. I'm always in favor of simplifying, but having a URI option was > > in the requirements doc. > >Aren't we allowed to not meet some requirements? :) I'll leave that for the chairs, I dunno :-). Let's try to figure out why we added it, though. As far as I can tell, Gregor Karlinger suggested it: http://lists.oasis-open.org/archives/dss/200301/msg00016.html """ 2.3.2 Signed Data: Reference or direct provision Data items to be signed/validated should be either provided to the service as a reference (URI), or directly as part of the request. The latter is important for situations where the data to be signed cannot be located by resolving a URI. """ You were skeptical: http://lists.oasis-open.org/archives/dss/200301/msg00017.html """ In some (many? :) cases, a DSS service will not be willing to retrieve data from arbitrary URL's on behalf of a client. In this case, the client must be able to "push" the data, along with an indicator of the URL of the data. Extending on this, a DSS service might be asked to verify a signature where it does not have the privileges to read the source document. A "just trust the References" mode would allow such a service to operate. """ But that's all the discussion there was. Then I put it in the 1st draft of the requirements doc, and there it stayed cause no-one found it offensive enough to complain about. I don't really see the use of this - it seems kinda unnecessary, since the client could always just hash the website on its own and send the hash. So I lean your way, we could take this out. Does anyone want it or see a real use for it? Trevor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]