OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

dss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [dss] full schema for signing request

>  - Document/Data is *always* base64 encoded, but it has a MimeType 
> attribute.  I don't think we want to send unencoded XML data, because 
> there might be an ID collision?  So can we just require base64 for all 
> input documents, and use "text/xml" to indicate XML?

I'm fine with that.  Once SOAP gets an official attachment mechanism, we 
don't have to do that.

>  - Each InputDocument has an ID, and SignedReference/@WhichInputDocument 
> is an IDREF
>  - Each InputDocument has a refURI and refType.  The server will use 
> these to populate the dsig:Reference attributes
>  - Each SignedReference has a refID attribute.  The server will use this 
> to populate the dsig:Reference attribute

Those seem good.

>  - There's no flag to indicate "Envelope this".  Can we assume the 
> server can determine this from InputDocument/refType?  I.e., if the 
> refType is Object, SignatureProperties, or Manifest, then it's 
> enveloped, otherwise not?

I don't have a problem with that, but this might be controversial for some.

Nice job!

Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]