[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [oic] Advisories 0001 - Change Tracking and Signing
The current existing implementation of META-INF/documentsignatures.xml (in OO.o 3.2.0) will as if signing should continue if the document contains tracked changes or comments. Of course, an implementation that does not support tracked changes is in no position to offer such advice, which is why I think the correct behavior for a non-supporting producer is to never produce such markup (and to correctly ignore it as a consumer). That way, whether or not a signature is to be produced, there is clear, consistent behavior. As a general principle, I find it unacceptable for a consumer to produce markup that it doesn't support. There might be some sort of careful exception case, but I don't think this is one. - Dennis -----Original Message----- From: Hanssens Bart [mailto:Bart.Hanssens@fedict.be] Sent: Tuesday, June 15, 2010 11:08 To: dennis.hamilton@acm.org; oic@lists.oasis-open.org Subject: RE: [oic] Advisories 0001 First Attempt - Separating Change Tracking > I think observations about not preserving unsupported change tracking > applies to producers, not consumers. The consumer presentation as if > changes are accepted is a consequence of ignoring the change tracking > and any markers. If a new document is produced, it should definitely be > without the change-tracking information. OK, so nothing to be added in this advisory... > In particular, a producer that does not support change tracking and that > supports META-INF/documentsignatures.xml (in ODF 1.2) should never > produce content that the producer's user can't see, (...) Hmm, it depends on the context of the signature: is it a legal statement ? In that case, there's probably a profile to be made :-) Many people would go for the almost-PDF/A-route (no scripts, no hidden stuff...) although that might not always be the desired option. See also a very preliminary document: http://www.oasis-open.org/committees/document.php?document_id=32052&wg_abbre v=oic If the signature is "only" a verification mechanism (to be sure the document and all the files in the packages are trustworthy), then scripts, database connections, change tracking, hidden metadata etc are OK Best regards Bart --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]