[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] OASIS DSS "Request for Feedback" - Signing Templates
We're off topic, but so as not to leave it hanging ... > I'm not so sure. The server can always "protect" itself by putting in the X509Certificate element that it has "on file." The DSS KeySelector prescribes use of ds:KeyInfo which as you know is a choice. If a user wishes to use X509Data as that choice, it is trivial to cross-check the elements of X509DataType. This can happen just as easily in a template scenario as in a KeySelector scenario. No diff, mute point. All other choices can be adequately controlled by the server. > I'm not so sure. For example, if I ask for an embedded signature with an xslt transform -- i.e., the server will return the "modified" document with signature to me -- then I could probably coerce the server into giving me files on its local disk that it doesn't want to: Very simple to address with simple usage provisos. e.g. The signing template may contain as many valid <Reference> structures as are required. All <References> and their <Transforms> however must be resolved within the scope of the <DocumentWithTemplate> element. Users wishing to sign multiple XML node sets should include them all in the input <DocumentWithTemplate> element as children of the root. This is only good practice. System security and protection in Web Server setting is a whole industry, not concerned. > Yup, I understand. That is why I want them to be a separate profile, so that my server be compliant, not implement them, and therefore be more secure. I would argue, a DSS implementor may want to pay the price of the added run-time checks to keep things tight and secure if it means making things easier for their client base. An implementer's trade-off decision. So I take it your in the "keep in the profiles camp" ;) Ed
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]