OASIS Mailing List Archives

 




Subject: Re: [dss] Groups - Minutes of Aug 8 2005 Conference Call (OASIS DSSMinutes Aug 8 2005.txt) uploaded


Tommy Lindberg wrote:

>[...]
>Konrad, could you please explain what the purpose of the
>hasObjectTagsAndAttributesSet attribute is?
>  
>
"hasObjectTagsAndAttributesSet" tells the server that the client already 
took care of framing the contents to be included into an <ds:Object> in 
the resulting signature.

It is needed if more than one Element or mixed Text and Element content 
is to be embedded into the <ds:Object>.

E.g.: The following cannot be parsed, as it does not have a single 
DocumentElement and has text ("some text.") in the prolog, which is not 
allowed. So to speak, the following is not an XML document and cannot be 
parsed to a NodeSet over a Document after it was base64 decoded or 
unescaped.

         some text.
        <FirstElement xmlns="" firstAttr="Text in first Attribute">Text in first Element</FirstElement>
        <SecondElement xmlns="">Text in second Element</SecondElement>
        <ThirdElement xmlns="">Third Text.</ThirdElement>

If, however, this is wrapped into the <ds:Object> tags of XMLSig, it 
represents a document again. Then one can set 
"hasObjectTagsAndAttributesSet" to true and get the following parsed and 
signed.

<Object xmlns="http://www.w3.org/2000/09/xmldsig#" Id="ObjectId">
         some text.
        <FirstElement xmlns="" firstAttr="Text in first Attribute">Text in first Element</FirstElement>
        <SecondElement xmlns="">Text in second Element</SecondElement>
        <ThirdElement xmlns="">Third Text.</ThirdElement>
</Object>

One could argue that we save the "hasObjectTagsAndAttributesSet" 
attribute by detecting if the DocumentElement sent is a ds:Object 
element, but I don't think that is a good idea, because what if someone 
wants a ds:Object inside a ds:Object?

I.e., consider the following example to be base64 encoded and assume 
"hasObjectTagsAndAttributesSet" is set to false and Id="ObjectId" is set 
in <dss:IncludeObject>:

  <Object xmlns="http://www.w3.org/2000/09/xmldsig#" Id="EmbedAndSignThisObject">
       Some Text.
   </Object>

It would have to result in the following to be signed:

<Object xmlns="http://www.w3.org/2000/09/xmldsig#" Id="ObjectId">
  <Object xmlns="http://www.w3.org/2000/09/xmldsig#" Id="EmbedAndSignThisObject">
       Some Text.
   </Object>
</Object>

Without the "hasObjectTagsAndAttributesSet" attribute such a case would 
be ambiguous.

Best regards
Konrad
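
The ambiguity described in the message above, as an added example that is not part of the original post or of the DSS specification: it compares framing driven by an explicit flag with framing guessed from the root element. The functions `frame` and `frame_by_detection` and the sample strings are hypothetical and constructed for illustration; parsing uses Python's standard `xml.etree.ElementTree`.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
DS_OBJECT = f"{{{DS}}}Object"

# Constructed inputs mirroring the two cases in the message.
MIXED = ('some text.<FirstElement xmlns="" firstAttr="Text in first Attribute">'
         'Text in first Element</FirstElement>'
         '<SecondElement xmlns="">Text in second Element</SecondElement>')
NESTED = f'<Object xmlns="{DS}" Id="EmbedAndSignThisObject">Some Text.</Object>'


def is_document(xml_text):
    """True if the text parses as a document with a single root element."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False


def frame(content, has_tags_set, object_id):
    """Hypothetical server-side step: produce the ds:Object to embed and sign.

    Assumes object_id needs no attribute escaping (illustration only).
    """
    if has_tags_set:
        # Client claims it already framed the content: verify, do not trust.
        if ET.fromstring(content).tag != DS_OBJECT:
            raise ValueError("flag set but root element is not ds:Object")
        return content
    return f'<Object xmlns="{DS}" Id="{object_id}">{content}</Object>'


def frame_by_detection(content, object_id):
    """The alternative argued against: infer the flag from the root element."""
    guessed = is_document(content) and ET.fromstring(content).tag == DS_OBJECT
    return frame(content, guessed, object_id)


def object_ids(xml_text):
    """Ids of every ds:Object in document order, outermost first."""
    return [e.get("Id") for e in ET.fromstring(xml_text).iter(DS_OBJECT)]


if __name__ == "__main__":
    print(object_ids(frame(NESTED, False, "ObjectId")))
    print(object_ids(frame_by_detection(NESTED, "ObjectId")))
```

With detection, the nested case loses the outer `ObjectId` wrapper, so a reference to `#ObjectId` would no longer resolve to the content the client asked to have signed.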

