Are signatures beyond the scope of XML?

Chris Smith smith at
Mon Mar 2 22:39:15 GMT 1998

On Mon, 2 Mar 1998, Bill la Forge wrote:

> I've noticed some mention of XML for electronic commerce (inter at ctive
> week, 2/16/98) and as an alternative to EDI (XML A Primer by Simon St. 
> Laurent, p193).
> I think it would be great if we could do things like XML certificates, as
> well. But many of these things require signing. Say, something like this:
> But "the thing signed" may itself contain XML. Is this asking too much of
> an XML application, that it both process the contents of the signature
> element, while providing access to the byte array of the contents for
> signature verification?

Take a look at Open Trading Protocol at - getting
something like this to work was critical to the overall protocol
effort. It's too big to go into here, and we spent a good amount of
time on the wording - I'd rather not try and paraphrase when the
original is readily available.

The details on signing (and message authentication in general) are in
Part 2 of the specification. More details about OTP in general are
available on the site.

 Chris Smith                                          <smith at>

xml-dev: A list for W3C XML Developers. To post, mailto:xml-dev at
Archived as:
To (un)subscribe, mailto:majordomo at the following message;
(un)subscribe xml-dev
To subscribe to the digests, mailto:majordomo at the following message;
subscribe xml-dev-digest
List coordinator, Henry Rzepa (mailto:rzepa at

More information about the Xml-dev mailing list