[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss] full schema for signing request, dss-proposal-rsalz-02.xsd
At 07:49 PM 9/18/2003 -0400, Rich Salz wrote: > > - should you send a value for dsig:Reference/@Type on each dss:Document? > >We could make it optional, since it's optional in the DSIG spec, sure. > > > - should you include Transforms on each dss:Document, to indicate > > transforms that have already been performed client-side? These might be > > hard to squeeze in an a dss:Parameter later, so they should probably be > > part of dss:Documents. > >That's an interesting idea. If they're per-document, than it indicates >the transforms have already ahppend, but if their in the Parameters, they >indicate what to do? Yeah. If you take a look at the schema I posted, it does the equivalent. > > - you include a value for the server to use as a dsig:Reference/@Id. I > > think this would be better as part of dss:Property, if it's necessary at > > all, since this is part of the Reference, not the document. > >I was thinking that for "embed the sig in doc#3" kind of things, you'd >need an Id. Could you use an index for referring to the documents, instead of an ID? Or is that less idiomatic? > Also, you want the client to be able to specify the ID >because for things like ws-security, the server won't know all the ID >attributes in the SOAP message, to it can't be sure of avoiding IDREF >conflicts. So you're using this for dsig:Reference/@Id, as well as for referring to the documents within the protocol itself? I think these uses should be separated, since a single document might correspond to multiple dsig:Reference's. Trevor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]