atom feed63 messages in org.oasis-open.lists.dssRE: [dss] Groups - dss-requirements-1...
FromSent OnAttachments
robe...@entrust.comMar 24, 2003 12:58 pm 
Gregor KarlingerMar 25, 2003 7:34 am.bin
Trevor PerrinMar 25, 2003 11:30 am 
Nick PopeMar 25, 2003 11:35 am 
Nick PopeMar 25, 2003 12:23 pm 
Trevor PerrinMar 25, 2003 12:29 pm 
Trevor PerrinMar 25, 2003 12:33 pm 
jmessingMar 25, 2003 12:36 pm 
Trevor PerrinMar 25, 2003 1:18 pm 
Nick PopeMar 25, 2003 1:21 pm 
Nick PopeMar 25, 2003 1:21 pm 
Nick PopeMar 26, 2003 1:21 am 
kare...@esat.kuleuven.ac.beMar 26, 2003 4:02 am 
Nick PopeMar 26, 2003 5:22 am 
jmessingMar 26, 2003 5:26 am 
Trevor PerrinMar 26, 2003 10:49 am 
jmessingMar 26, 2003 10:57 am 
Trevor PerrinMar 26, 2003 11:11 am 
Rich SalzMar 26, 2003 11:24 am 
Trevor PerrinMar 26, 2003 1:15 pm 
Greg AlvordMar 27, 2003 4:37 am 
Gregor KarlingerMar 27, 2003 9:01 am.bin
Trevor PerrinMar 27, 2003 1:17 pm 
Nick PopeMar 28, 2003 3:54 am 
Trevor PerrinMar 28, 2003 1:52 pm 
Nick PopeMar 29, 2003 9:35 am 
Rich SalzMar 29, 2003 10:10 am 
Trevor PerrinMar 29, 2003 10:14 am 
Rich SalzMar 29, 2003 10:36 am 
jmessingMar 29, 2003 11:19 am 
Rich SalzMar 29, 2003 11:26 am 
Trevor PerrinMar 29, 2003 11:46 am 
jmessingMar 29, 2003 12:31 pm 
Rich SalzMar 29, 2003 3:35 pm 
Trevor PerrinMar 30, 2003 1:49 am 
Gregor KarlingerMar 30, 2003 10:50 am.bin
Gregor KarlingerMar 30, 2003 11:07 am.bin
Gregor KarlingerMar 30, 2003 11:18 am.bin
Gregor KarlingerMar 30, 2003 11:23 am.bin
Gregor KarlingerMar 30, 2003 11:31 am.bin
Gregor KarlingerMar 30, 2003 11:47 am.bin
Gregor KarlingerMar 30, 2003 11:58 am.bin
Gregor KarlingerMar 30, 2003 12:14 pm.bin
Gregor KarlingerMar 30, 2003 12:23 pm.bin
Rich SalzMar 30, 2003 2:25 pm 
Gregor KarlingerMar 30, 2003 11:14 pm.bin
Gregor KarlingerMar 30, 2003 11:20 pm.bin
Gregor KarlingerMar 30, 2003 11:26 pm.bin
Gregor KarlingerMar 30, 2003 11:30 pm.bin
Gregor KarlingerMar 30, 2003 11:37 pm.bin
Trevor PerrinMar 31, 2003 1:41 am 
Gregor KarlingerMar 31, 2003 1:48 am.bin
Gregor KarlingerMar 31, 2003 1:56 am.bin
Nick PopeMar 31, 2003 4:02 am 
Anthony NadalinMar 31, 2003 5:15 am 
Karel WoutersMar 31, 2003 6:30 am 
Gregor KarlingerMar 31, 2003 7:22 am.bin
Trevor PerrinMar 31, 2003 8:46 am 
Gregor KarlingerMar 31, 2003 1:20 pm.bin
Nick PopeApr 1, 2003 1:32 am 
Karel WoutersApr 1, 2003 2:52 am 
Nick PopeApr 1, 2003 2:52 am 
Nick PopeApr 1, 2003 3:03 am 
Subject:RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded
From:Gregor Karlinger (greg@cio.gv.at)
Date:Mar 30, 2003 11:23:44 am
List:org.oasis-open.lists.dss
Attachments:
bin00008.bin - 13k

Trevor,

-----Original Message----- From: Trevor Perrin [mailto:tre@trevp.net] Sent: Tuesday, March 25, 2003 9:42 PM To: Nick Pope; ds@lists.oasis-open.org Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded

At 12:37 PM 3/25/2003 -0800, Trevor Perrin wrote:

Right, but then I think you need to sign both the XML *and* the transformed, human-readable form.

For example, an XML-DSIG could have 2 references, both to the same document, one of which applies a transform to make it human-readable, the other of which doesn't.

You could sign the XML (the "transforms process input data (TPID)") as well, but it is not necessary in my use case since the relying party knows the TPID and wants to check if feeding the TPID into the transforms process leeds to the actually singned data.

So the transforms (in this and other cases) still might need to be protected. But that raises another question about this use case - is the best way to do this by putting the transforms in a ds:Manifiest? I would say it's better to include them as a signed attribute, so you're guaranteed that they're verified by a relying party.

I agree with you. Putting the additional transforms parameter into a dsig:Manifest is not the best way. A solution would be for instance to put it into a dsig:Manifest, but assign a special value for the Type attribute of the manifest.

/Gregor