Subject: RE: Security Signatures
Some business models may require 'signature over signature', not just multiple signatures. If we provide in our header structures the ability to sign both headers and message bodies, we may have to address a 'signature over signature' requirement. This suggests to me that 'signature' should be a standalone XML document, whose content includes a 'table of contents' over which the signature has been applied.

The specification currently states in '2 Message Structure' that 'Message Signatures are held in the Header Envelope separately from the other headers since: o Signatures cannot sign themselves and ...'

While signatures cannot sign themselves, they can sign other signatures. Therefore, IMO, each signature should be held in a separate body part, not within the Header Envelope (assuming 'Header Envelope' is a single body part). The scope of a signature would be defined by a 'table of contents' within the signature document.

There likely also is an architectural simplicity benefit in constraining signatures to separate XML documents.

Cheers,
Bob
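The arrangement proposed in the message above, sketched as an added example that is not part of the original post or of the specification under discussion: each signature is a standalone XML document whose table of contents lists the body parts it covers, and a second signature can list the first one as just another part. The element names (`Signature`, `TableOfContents`, `Part`, `Value`), the part ids, the keys, and the use of HMAC-SHA256 as a stand-in for a real public-key signature are all assumptions made for illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

def _toc_bytes(toc):
    # Canonical form of the table of contents: one "id sha256" line per part, sorted.
    return "\n".join(sorted(f'{p.get("id")} {p.get("sha256")}' for p in toc)).encode()

def sign(signer, key, parts):
    """Return a standalone signature document (bytes) covering the parts in `parts`."""
    root = ET.Element("Signature", signer=signer)
    toc = ET.SubElement(root, "TableOfContents")
    for part_id, data in parts.items():
        ET.SubElement(toc, "Part", id=part_id, sha256=hashlib.sha256(data).hexdigest())
    # HMAC-SHA256 is a stand-in for a real public-key signature (assumption).
    ET.SubElement(root, "Value").text = hmac.new(key, _toc_bytes(toc), hashlib.sha256).hexdigest()
    return ET.tostring(root)

def verify(sig_doc, key, parts):
    """Check the signature value, then every digest listed in the table of contents."""
    root = ET.fromstring(sig_doc)
    toc = root.find("TableOfContents")
    if toc is None:
        return False
    expected = hmac.new(key, _toc_bytes(toc), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), (root.findtext("Value") or "").encode()):
        return False
    for p in toc:
        data = parts.get(p.get("id"))  # a listed part that is missing fails verification
        if data is None or hashlib.sha256(data).hexdigest() != p.get("sha256"):
            return False
    return True

def demo():
    # Constructed sample message: each dictionary entry is one body part.
    parts = {"header": b"<Header to='buyer'/>", "body": b"<Order qty='10'/>"}
    alice_key, bob_key = b"alice-demo-key", b"bob-demo-key"  # constructed keys
    # Alice signs header and body; her signature becomes a body part of its own.
    parts["sig-alice"] = sign("alice", alice_key, parts)
    # Bob's table of contents lists the body and Alice's signature: signature over signature.
    bob_scope = {k: parts[k] for k in ("body", "sig-alice")}
    parts["sig-bob"] = sign("bob", bob_key, bob_scope)
    ok = verify(parts["sig-alice"], alice_key, parts) and verify(parts["sig-bob"], bob_key, parts)
    # Swapping in a different signature from Alice invalidates Bob's countersignature.
    swapped = {**parts, "sig-alice": sign("alice", alice_key, {"body": parts["body"]})}
    return ok, verify(parts["sig-bob"], bob_key, swapped)
```

Because each signature lives in its own part, Bob's signature binds to the exact bytes of Alice's signature document, which is what distinguishes a countersignature from two independent signatures over the same body.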