Trevor,
-----Original Message-----
From: Trevor Perrin [mailto:tre...@trevp.net]
Sent: Friday, March 28, 2003 10:55 PM
To: Nick Pope; kare...@esat.kuleuven.ac.be;
ds...@lists.oasis-open.org
Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded
At 12:07 PM 3/28/2003 +0000, Nick Pope wrote:
Content-Transfer-Encoding: 7bit
Trevor,
My concern with the signing of the data after an XSLT transform has
been applied is that the chances of two independent
implementations of
XSLT to get exactly the same byte-by-byte value for all
possible styles
is fairly low, event though they will look the same.
Is this taken care of by the last paragraph in XML-DSIG 6.6.5
(http://www.w3.org/TR/xmldsig-core/)? -
"The output of this transform is an octet stream. The
processing rules for
the XSL style sheet or transform element are stated in the XSLT
specification [XSLT]. We RECOMMEND that XSLT transform authors use an
output method of xml for XML and HTML. As XSLT implementations do not
produce consistent serializations of their output, we further
RECOMMEND
inserting a transform after the XSLT transform to
canonicalize the output.
These steps will help to ensure interoperability of the resulting
signatures among applications that support the XSLT
transform. Note that if
the output is actually HTML, then the result of these steps
is logically
equivalent [XHTML]."
Yes, I think this solves almost all problems resulting from slightly
different outputs produced by different XSLT engines. I am really
curious
if Nick had run into problems that cannot be solved by sticking to those
recommendations.
/Gregor
63 messages in org.oasis-open.lists.dssRE: [dss] Groups - dss-requirements-1...
.bin