[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss] suggestion for 3.3.3 (Action 05-07-25-1)
Konrad, Thank you very much for your answer... I see your point: it allows to differentiate between inserting a signature within a document and generate an enveloped signature for that document... > > > You could achieve the same effect by using an EnvelopedSignature and > Transform XPath-Filters 2.0 as well, however this is just an example. > Yes, sure....but as you mention, this gives more flexibility to clients. > If the same request would also have "createEnvelopedSignature" set to > true everything but the SignedInfo (which cannot be signed > recursively) would be hashed together via a third ds:Reference having > an EnvelopedSignatureTransform. Element1 and Element2 would then be > double hashed in a way. Yes, I see... >> if, as you mention in one of your emails, we allow splicing >> by clients (with all the restrictions and notes you mention), then, >> asuming >> that you would have in one document a same-document URI, the server >> should imagine >> that the client would splice the signature within the document... > > > I'm sorry, but I'm not sure if I understand this question right. > Can you please try to put it in another way and refer to the email and > the relevant section in question. > Thanks a lot. > > Well, in fact it was a thought derived from my assumption that SignaturePlacement always implied EnvelopedSignature, which is not actually true. Now it is just a kind of question in the case that we allow for client splicing signatures within documents with all the restrictions and notes you mentioned: imagine that the client puts a same-document RefURI in a document, and that it does not incorporate any SignaturePlacement or InsertDocument elements. Under such circumpstances I would say that the client is instructing the server to build a ds:Reference with a same-URI document, and to return as a dettached signature for taking it and splicing in the document by itself, isn't it? As you see is not now directly related wit the attribute issue. Regards and thanks Juan Carlos.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]