Re: In reply to: Reference element in page 23 of CPP/A Spec

[Himagiri Mukkamala <himagiri@sybase.com>]

1) Note to myself: Spell check

2) But the KeyInfo and CertificateINfo exist in other
elements of Signature. So how would it get validated
if the 'system' doesn't know the certificate to use
to verify the document.

Robert Anthony Weida wrote:

> Himagiri Mukkamala wrote:
>
> >1) Reference element for ProcessSpecification specifies Digest method as
> >
> >http://ww.w3.org/2000/09/xmldsig#dsa-sha1.
> >
> >XMLDSIG spec has only one digest algorithm mentioned and that is
> >
> >http://ww.w3.org/2000/09/xmldsig#sha1
>
> I think we should specify the latter algorithm (except "www" instead of
> "ww").  I'll record the issue.
>
> >2) Wouldn't we need the whole "Signature" element instead of just
> >the reference element for the ProcessSpecification so that
> >it can be verified
>
> No, the ds:Reference element contains sufficient information to verify the
> referenced process specification document.  Sections 7.5.4 and 8.7 contain
> several passages on the the use of ds:Reference elements in relation to
> ds:Signature elements, including the following from Section 7.5.4.5:
>
> NOTE: It is recognized that the XML Digital Signature specification[XMLDSIG]
> provides for signing an XML document together with externally referenced
> documents.  In cases where a CPP or CPA document is in fact suitably signed,
> that facility could also be used to ensure that the referenced
> Process-Specification documents are unchanged.  However, this specification
> does not currently mandate that a CPP or CPA be signed.
>
> >-h
>
> Tony
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
>
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>