Subject: Re: From OASIS digital signatures services TC: request of comments (Answer by Ed Simon)
Dear all,

I received an answer to my email on the transformation chain by Ed Simon. See below:

--------------------------

Wrt issue 1, an XML Signature <Reference> element does, as you say, only sign the result of applying the transforms to the referenced data. Indeed, it is possible that one could change only the referenced data, only the transforms, or both the referenced data and transforms, and achieve the same final result. This is fine if the only material data that needs to be signed is the resultant and I can imagine legitimate scenarios where the referenced data and transforms are changed with care taken not to alter the signed result. If it is important for your protocol to protect the integrity of the referenced data and/or the transforming code, then your XML Signature processing needs to mandate that, probably using additional SignedInfo/Reference constructs.

In issue 2, you need to ensure that all data relevant to making the signature useful is indeed signed. It makes no sense for example to sign an HTML page but not its linked images, if those images are essential to the reason the signature is being implied. XML Signature provides the basis for signing multiple documents (in whole or in part) but cannot define for specific application scenarios, what to sign. It is up to protocol and application designers to subclass XML Signature (e.g. have something conformant to the XML Signature schema but more constrained) according to the specific needs of that protocol or application.

For issue 2, you could sign both the raw data and the transformed result, AND have your protocol define the exact requirements in relating the two. Verifying that those exact requirements have been met is beyond the scope, intentionally, of XML Signature; such requirements belong in the utilizing protocol specifications.

At one point I recall, the XML Signature group did discuss the topic of, what I would call, "signing the user's experience". What a user sees may be dependent not only on the raw data or XML transforms, but also the transform engine, the browser version, the existence of script engines, the fonts available on the machine, the pixel resolution of the monitor, ad infinitum. Generally, there is no practical way to have perfect mathematical certainty connecting a user's experience with application data. However, from a legal standpoint, such perfect certainty is not necessary. For more detail on this matter, may I highly recommend the "Legal Considerations" chapter in the new book "Web Services Security" (see my website "http://www.xmlsec.com/" or "http://www.amazon.com/exec/obidos/ASIN/0072224711/vordel-20/no-sim/104-3423601-8567918" for details).

Regards,
Ed

--------------------------
Ed Simon <edsimon@xmlsec.com>
(613) 726-9645
XMLsec Inc.
Interested in XML Security Training and Consulting services? Visit www.xmlsec.com.
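
Added example (not part of the original message or of Ed Simon's reply): a simplified Python model of the point made under issue 1, showing that a digest taken only over the transform result stays the same when the referenced data and the transform both change, and that additional references over the raw data and the transform expose the change. The sample documents, the ElementTree paths standing in for a transform, and the function names are assumptions of this sketch, not XML Signature syntax.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample data; the element names and paths are hypothetical.
ORIGINAL = "<order><item>widget</item><note>ship by air</note></order>"
ALTERED = "<order><item>widget</item><note>ship by sea</note></order>"
PATH, ALT_PATH = "./item", ".//item"

def c14n(xml_text):
    """Canonical form of the XML text (standard-library C14N 2.0), as bytes."""
    return ET.canonicalize(xml_text).encode("utf-8")

def select(xml_text, path):
    """Stand-in transform: keep only the elements matched by an ElementTree path."""
    root = ET.fromstring(xml_text)
    kept = "".join(ET.tostring(e, encoding="unicode") for e in root.findall(path))
    return "<selected>" + kept + "</selected>"

def digest(data):
    return hashlib.sha256(data).hexdigest()

def reference_digests(xml_text, path, protect_inputs):
    """Digests a signer would cover in this simplified model of SignedInfo."""
    refs = {"result": digest(c14n(select(xml_text, path)))}
    if protect_inputs:
        # Additional references: one over the raw data, one over the transform.
        refs["raw"] = digest(c14n(xml_text))
        refs["transform"] = digest(path.encode("utf-8"))
    return refs

def changed_references(signed, current):
    """Names of the references whose digest no longer matches the signed value."""
    return sorted(name for name in signed if signed[name] != current.get(name))

if __name__ == "__main__":
    for protect in (False, True):
        signed = reference_digests(ORIGINAL, PATH, protect)
        current = reference_digests(ALTERED, ALT_PATH, protect)
        print("protect_inputs=%s mismatches=%s"
              % (protect, changed_references(signed, current)))
```

Which extra references a verifier must require, and how they relate to each other, is left to the protocol using the signature, as the reply says.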