[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss] full schema for signing request
> If we rewrote it that way, the only function of dss:Parameter would be to > contain the "mustUnderstand" attribute. At the f2f we decided that the > server should *have* to understand any client parameters, or reject the > entire request. Just made things simpler. We could revisit that. But if > we got rid of mustUnderstand we wouldn't need dss:Parameter, we could just do: The biggest drawback I can see is that it prevents re-using elements; you can't say "this ds:KeyInfo is for signing, and this ds:KeyInfo is for timestamping". Instead you'd have to wrap each ds:KeyInfo element inside a namespaced container that identified the semantics. I think it's cleaner to identify the semantics and leave the content open. If mustUnderstand goes away from the core, that's okay. I'd like to leave open the possibility of adding it (with default value true) in future versions, tho. -- Rich Salz Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]