Re: [xri] Secure XRD Proposals

[Peter Davis <peter.davis@neustar.biz>]

On Dec 18, 2008, at 12:29 PM, Dirk Balfanz wrote:

> On Thu, Dec 18, 2008 at 8:16 AM, Brian Eaton <beaton@google.com>  
> wrote:
> > Added a fourth proposal: signature in a separate file from the  
> signed document.
>
> This is what my vote would be for. The only con there is that you  
> can't sign bits and pieces of a document.
>
> Any reason we might need that feature?

I can see use cases for each service element being signed. This is  
essentially the detached signature model provided in XMLDsig.

We are really grappling with two different things here:

+ mechanisms for the computation of the digest of the signature  
subject (transforms)
+ mechanisms for the publication of the signature (and related  
materials)

These two facets should stand independent of one another, i think.

The detached signatures addition in [1] addresses the the second, but  
(i assume) allow for various digest processing models?

=peterd

[1] http://wiki.oasis-open.org/xri/XrdOne/SecureXrd