[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [office] Digital signature proposal
Bruce, please let me clarify this. The proposal actually consists of two parts. One part is to add files called "documentsignatures.xml" and "macrosignatures.xml", which contain document signatures and macro signatures. The situation here is the the same as for the "content.xml" and "styles.xml" files that contains a document's content or styles, and that are also identified by their name. I therefore think it is reasonable to reuse this identification mechanism for these two kind of signatures as well. The other part of the proposal actually is about adding signatures in general. The sentence that a signature stream shall include the term "signature" is actually not to be understood as an identification schema for signatures, but only as a naming guideline. Actually, there is no requirement for other kind of signatures than the two mentioned above. For this reason, if this naming guideline can be mis-understood, I would suggest that we remove it, instead of trying to find some identification schema for signatures, that we actually don't need at the moment. Bruce D'Arcus wrote: > > On Feb 16, 2007, at 6:08 AM, Michael Brauer - Sun Germany - ham02 - > Hamburg wrote: > >> Files within a package may have a digital signature applied. Digital >> signatures are stored in one or more files within the META-INF folder. >> The names of these files *shall* contain the term "signatures". > > Using file names to denote function seems like a bad idea to me. The It depends on how the files in question are used. Using the name to denote the function of a file is reasonable if there is exactly one file that has this function. That's the case for the content.xml and styles.xml, but also for the proposes documentsignatures.xml and macrosignatures.xml. If there could be multiple files that have certain function, like in the metadata case, then a more flexible identification schema is in fact required. > manifest should be used to indicate whether a file is a signature (or > something else)? Actually, the signatures are considered to be part of the package itself. That's why they are stored in the META-INF folder. I'm therefore not sure whether they should be added to the manifest at all. Michael
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]