Subject: Re: [Fwd: [dss] More on EnvelopingSignature]
Konrad,

> Good point, and I agree that the question should be: if client side
> transforms make sense at all for input documents that go into
> ds:Objects or are used to place Signatures inside them
> (i.e. dss:SignaturePlacement).

I agree...

> The more I think about that, I'd conclude that client side transforms
> are only really useful for detached signatures without ds:Objects if
> we want to return verifiable signatures.

Mmmm...yes... for enveloped signatures you would actually expect to insert the signature within the original document not within the result of transforming one....

> Right, the client side would have to exchange the ds:Objects content
> against the content that was there before the first client side
> transform to have a verifiable signature.

I am not sure I understand what you mean here... changing the ds:Object returned by the server (if this is what you mean) would lead in certain situations to failure of verification of the corresponding digest computed by the server.

> I think the same is also true for dss:SignaturePlacement assuming that
> ds:Reference should be generated for an InputDocument pointed at by
> dss:SignaturePlacement.

Concerning SignaturePlacement, if the requested signature is detached, I still see as a good feature to process some transformations in the client side and request other transformations to the server... it is client's responsibility to ensure that the server will be able to generate verifiable signatures.

> However this might also be a feature and good for certain clients that
> have tight bandwidth limitations and hence want to use client side
> transforms, but this should probably go into a profile.

So, is your suggestion to put client-side capabilities for generating transformations on the documents and report on them to the server, within a profile, even for the detached signatures cases?

Juan Carlos.

> Konrad