[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: A third POC question for CPP-CPA possibly for Vienna agenda
Hi Marty, Here is a third issue stemming from Vienna POC preparations. This one pertains to packaging representations used for xmldsig and was brought to my attention from an example CPA authored by Himagiri Mukkamala. For S/MIME or OpenPGP IETF style security packaging, MIME parts can be encapsulated, and we have identified packaging by indicating what MIME entities previously enumerated are encapsulated. But when we come to XMLDsig the manner of "composition" changes significantly. Dsig signatures are normally distinguished as enveloping, enveloped, and detached according to whether the Reference points to a contained Object (enveloping), points to a node set containing itself (enveloped), or detached (uses some URI that is resolved to obtain the plaintext). For ebXML, when signing is over both header and payload, two of these modes are blended: enveloped and detached. The detached mode is referenced through a CID: style URI to a subsequent body part. The CID: URI can involve a forward reference to a not yet enumerated MIME entity, and the packaging is not by MIME composition or encapsulation, but instead by URI Reference. The packaging notation at present does not have enough expressive power to indicate this mode of "composition". We could overload "encapsulation" but that might lead to confusion. At the moment, we simply indicate that xmldsig is used in a body part (by mentioning it in a NamespaceSupported element), but we do not indicate details of usage. During POC we discovered that a potential interoperability difficulty could arise from not marking differences in capabilities pertaining to XMLDsig referencing (and the associated URIResolver classes needed to handle these references). So the question I have is how/whether to mark differences in xmldsig "packaging" capabilities within a CPP. I would like to add this topic to the joint TA security/TPA discussion session in Vienna if you think it is appropriate.
Powered by eList eXpress LLC