Subject: Re: [dss] Groups - Minutes of Aug 8 2005 Conference Call (OASIS DSSMinutes Aug 8 2005.txt) uploaded
Tommy Lindberg wrote:

>[...]
>Konrad, could you please explain what the purpose of the
>hasObjectTagsAndAttributesSet attribute is?
>
>

"hasObjectTagsAndAttributesSet" tells the server that the client already took care of framing the contents to be included into an <ds:Object> in the resulting signature. It is needed if more than one Element or mixed Text and Element content is to be embedded into the <ds:Object>.

E.g.: The following cannot be parsed, as it does not have a single DocumentElement and has text ("some text.") in the prolog, which is not allowed. So to speak, the following is not an XML document and cannot be parsed to a NodeSet over a Document after it was base64 decoded or unescaped.

    some text.
    <FirstElement xmlns="" firstAttr="Text in first Attribute">Text in first Element</FirstElement>
    <SecondElement xmlns="">Text in second Element</SecondElement>
    <ThirdElement xmlns="">Third Text.</ThirdElement>

If, however, this is wrapped into the <ds:Object> tags of XMLSig, it represents a document again. Then one can set "hasObjectTagsAndAttributesSet" to true and get the following parsed and signed.

    <Object xmlns="http://www.w3.org/2000/09/xmldsig#" Id="ObjectId">
      some text.
      <FirstElement xmlns="" firstAttr="Text in first Attribute">Text in first Element</FirstElement>
      <SecondElement xmlns="">Text in second Element</SecondElement>
      <ThirdElement xmlns="">Third Text.</ThirdElement>
    </Object>

One could argue that we save the "hasObjectTagsAndAttributesSet" attribute by detecting if the DocumentElement sent is a ds:Object element, but I don't think that is a good idea, because what if someone wants a ds:Object inside a ds:Object?

I.e., consider the following example to be base64 encoded and assume that "hasObjectTagsAndAttributesSet" is set to false and Id="ObjectId" is set in <dss:IncludeObject>:

    <Object xmlns="http://www.w3.org/2000/09/xmldsig#" Id="EmbedAndSignThisObject">
      Some Text.
    </Object>

It would have to result in the following to be signed:

    <Object xmlns="http://www.w3.org/2000/09/xmldsig#" Id="ObjectId">
      <Object xmlns="http://www.w3.org/2000/09/xmldsig#" Id="EmbedAndSignThisObject">
        Some Text.
      </Object>
    </Object>

Without the "hasObjectTagsAndAttributesSet" attribute such a case would be ambiguous.

Best regards
Konrad
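The framing rule discussed in the message above, as an added Python example that is not part of the original message or of the DSS specification. The function names build_object and object_depth are hypothetical, the sample inputs are constructed from the fragments in the message, and the server behaviour shown is an assumption based on the message's description.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample inputs, modelled on the fragments in the message above.
MIXED = ('some text. <FirstElement xmlns="" firstAttr="Text in first Attribute">'
         'Text in first Element</FirstElement> '
         '<SecondElement xmlns="">Text in second Element</SecondElement>')
FRAMED = f'<Object xmlns="{DSIG}" Id="ObjectId"> {MIXED} </Object>'
INNER = f'<Object xmlns="{DSIG}" Id="EmbedAndSignThisObject"> Some Text. </Object>'


def build_object(content: str, framed: bool, object_id: str) -> ET.Element:
    """Return the ds:Object to embed, honouring the client's framing flag.

    Hypothetical helper (assumed behaviour, not taken from the spec text):
    framed=True : content must already be exactly one ds:Object; use it as is.
    framed=False: content must be one well-formed element; wrap it in a new
                  ds:Object carrying object_id, even if it is itself a ds:Object.
    """
    try:
        root = ET.fromstring(content)
    except ET.ParseError as exc:
        # Mixed text/element content without a single document element ends here.
        raise ValueError(f"content is not a well-formed XML document: {exc}")
    if framed:
        if root.tag != f"{{{DSIG}}}Object":
            raise ValueError("flag is set but document element is not ds:Object")
        return root
    wrapper = ET.Element(f"{{{DSIG}}}Object", {"Id": object_id})
    wrapper.append(root)
    return wrapper


def object_depth(obj: ET.Element) -> int:
    """Count ds:Object elements in the result, including obj itself."""
    return sum(1 for _ in obj.iter(f"{{{DSIG}}}Object"))
```

The same INNER input yields one ds:Object with the flag set and two nested ones without it, so the signed bytes differ depending on a value the server cannot infer from the content alone.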