OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [office] DSIG proposal - FYI


On 05.01.09 14:26, Bob Jolliffe wrote:

>>  2.2 In the <ds:Signature> element, there will be one or more
>> <ds:Reference> elements.  Those elements will need to refer to Zip items
>> within the ODF package for there to be signing of those items or elements
>> within them (in the case that the item is an XML document).
>>  2.3 It is probably important to point out that the use of relative paths
>> in the <ds:Reference> element URI is subject to the interpretation for ODF
>> 1.2 relative paths and that the reference is understood to be [in]to the
>> uncompressed form of the Zip package item.
> If you go back to the long discussion we had about relative URIs in
> ODF you might remember that I was a bit confused because current
> implementations of ODF signatures do not actually follow the
> convention ie. the base URI in these signature references is in fact
> always the root of the package rather than relative to the file which
> contains the reference.  This is historical and not much we can do
> about it.  I don't want to mandate a behaviour which makes the only
> existing implementations non-conformant.  What I would rather see is a
> new interoperable signature format which uses XAdES basic signature
> and "proper" relative URI's, at which point we can start to deprecate
> the existing signatures.  So for the moment I'm silent on this one.

It is indeed an interesting question whether the rules we define for the
resolution of relative URIs within packages should or should not apply
to the relative URIs used within digital signatures.

On the one hand, the references to the signed streams of zip files are 
URI references. Therefore, it may be reasonable if they follow
the same rules that apply to relative URIs in a let's say content.xml.

One the other hand, digital signatures are part of the package
specification itself, and are for that reason stored in the META-INF
folder which holds data about the package itself, rather than its 
content. Which means they occur on a different level. The paths in the 
META-INF/manifest.xml for instance all are relative to the package root, 
and one may argue that other files in META-INF should not behave 
differently. The difference however is that the paths in the 
manifest.xml are just paths, not URIs.

So, I think one may find arguments for and against both options, and I 
honestly don't know whether I consider the one or the other to be more 

Best regards


Michael Brauer, Technical Architect Software Engineering
Sun Microsystems GmbH             Nagelsweg 55
D-20097 Hamburg, Germany          michael.brauer@sun.com
http://sun.com/staroffice         +49 40 23646 500

Sitz der Gesellschaft: Sun Microsystems GmbH, Sonnenallee 1,
	   D-85551 Kirchheim-Heimstetten
Amtsgericht Muenchen: HRB 161028
Geschaeftsfuehrer: Thomas Schroeder, Wolfgang Engels, Dr. Roland Boemer
Vorsitzender des Aufsichtsrates: Martin Haering

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]