Lists Home |
Date Index |
I would not advise anyone to hold their breath waiting on a concensus on
a convention, but coming up with a useful convention for digital
signature and encryption varies from easy to reasonably difficult,
depending on your requirements.
Most business applications only need 'signed document' level digital
signatures, not element by element complication, and encryption can be
applied to particular elements, the whole document, or some type of
application message. Updates by multiple parties are usually better
represented by multiple versions of a document, each signed separately,
than individually signed fields. Canonicalization can be an issue, but
only when you need certain kinds of flexibility.
For full interoperability and compatibility, you have to convert XIS to
XML1.1, canonicalize, hash/sign, and then insert the signature in the
appropriate element. One option is to sign both ways, i.e. on hashes
made from XIS and XML1.1 versions, which allows a receiver to validate
the signature more cheaply if it is XIS enabled.
Encryption really isn't an issue. After you have encrypted, you have a
block of pseudo-random data no matter what you started with and that can
be the payload of an element the same in either case.
Rich Salz wrote:
>> A convention will have to be created that preserves DSIG/Encryption
>> work and is also practical.
> I would not advise anyone to hold their breath while waiting for this. :)
firstname.lastname@example.org http://www.hpti.com Personal: email@example.com http://sdw.st
Stephen D. Williams 703-724-0118W 703-995-0407Fax 20147-4622 AIM: sdw