[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: In a VerifyRequest we need to disambiguate
Dear all, In a <dss:VerifyRequest> we need some disambiguation in the case of a request carrying multiple <dss:DocumentHash>, <dss:TransformedData> or a combination of those having the same RefURI. Although I have to admit that this is a corner case, it is not so unlikely as Signatures created with SignedReferences allow to create multiple <ds:References> from the same input document and hence they may having the same URI. Section 4.3 point 2. variant b. and also variant c. now ask to check the matching <ds:Transforms> or the <ds:Transforms> and the <ds:DigestMethod> to the <ds:References> inside the Signatures <ds:SignedInfo>. However as the <ds:Transforms> and the <ds:DigestMethod> can be arbitrarily complex like for example an XSLT <ds:Transform> bearing the <xsl:sylesheet> directly, this can be very hard and expensive to do. It might even out the usefulness of <dss:DocumentHash>, <dss:TransformedData> for such cases. The comparison could amount to context free extract of the <ds:Transforms> and <ds:DigestMethod> elements and the need to canonicalize them if a true matching as required in section 4.3 point 2 should be done. A straight forward solution to get rid of this problems would be to introduce an attribute called <xs:attribute name="WhichReference" type="xs:integer" use="optional"/> that identifies a reference and is required in the case of a supplied <dss:TransformedData> or <dss:DocumentHash> and would allow to ignore the given <ds:Transforms> or the <ds:Transforms> and the <ds:DigestMethod> respectively. thoughts ? regards Konard
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]