OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [office] Digital signature proposal

Bruce,

please let me clarify this. The proposal actually consists of two parts. 
One part is to add files called "documentsignatures.xml" and 
"macrosignatures.xml", which contain document signatures and macro 
signatures. The situation here is the the same as for the "content.xml" 
and "styles.xml" files that contains a document's content or styles, and 
that are also identified by their name. I therefore think it is 
reasonable to reuse this identification mechanism for these two kind of 
signatures as well.

The other part of the proposal actually is about adding signatures in 
general. The sentence that a signature stream shall include the term 
"signature" is actually not to be understood as an identification schema 
for signatures, but only as a naming guideline. Actually, there is no 
requirement for other kind of signatures than the two mentioned above. 
For this reason, if this naming guideline can be mis-understood, I would 
suggest that we remove it, instead of trying to find some identification 
schema for signatures, that we actually don't need at the moment.


Bruce D'Arcus wrote:
> 
> On Feb 16, 2007, at 6:08 AM, Michael Brauer - Sun Germany - ham02 - 
> Hamburg wrote:
> 
>> Files within a package may have a digital signature applied. Digital 
>> signatures are stored in one or more files within the META-INF folder. 
>> The names of these files *shall* contain the term "signatures".
> 
> Using file names to denote function seems like a bad idea to me. The 

It depends on how the files in question are used. Using the name to 
denote the function of a file is reasonable if there is exactly one file 
that has this function. That's the case for the content.xml and 
styles.xml, but also for the proposes documentsignatures.xml and 
macrosignatures.xml.

If there could be multiple files that have certain function, like in the 
metadata case, then a more flexible identification schema is in fact 
required.

> manifest should be used to indicate whether a file is a signature (or 
> something else)?

Actually, the signatures are considered to be part of the package 
itself. That's why they are stored in the META-INF folder. I'm therefore 
  not sure whether they should be added to the manifest at all.

Michael

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]