[
Lists Home |
Date Index |
Thread Index
]
Dennis Sosnoski wrote:
> This suggests to me that XML DSig is basically a questionable idea. Why
> the obsession with text? It seems like doing this at the Infoset level
> would be much simpler (and much more efficient).
(XML DSIG and XML-Encryption are based on the XPath 1.0 model.)
Cryptography works on bytes. Since there is no standard serialization
for an Infoset, and since you can create infosets that are
unserializable, you cannot build cryptographic functions such as
signature and encryption without first solving those problems.
Or, you can say that the fact that security relies on bytes means that
the whole infoset approach will fail because security is more important
than an abstract information model. :)
/r$
--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
|
