Are signatures beyond the scope of XML?

Chris Smith smith at interlog.com
Mon Mar 2 22:39:15 GMT 1998


On Mon, 2 Mar 1998, Bill la Forge wrote:

> I've noticed some mention of XML for electronic commerce (inter at ctive
> week, 2/16/98) and as an alternative to EDI (XML A Primer by Simon St. 
> Laurent, p193).
> 
> I think it would be great if we could do things like XML certificates, as
> well. But many of these things require signing. Say, something like this:
> 
> <SIGNATURE ALGORITHM="PGP" SIGNED="JKLJKLJKLJKJKLJKLJKLJKLJKL==">the thing signed</SIGNATURE>
> 
> But "the thing signed" may itself contain XML. Is this asking too much of
> an XML application, that it both process the contents of the signature
> element, while providing access to the byte array of the contents for
> signature verification?

Take a look at Open Trading Protocol at http://www.otp.org - getting
something like this to work was critical to the overall protocol
effort. It's too big to go into here, and we spent a good amount of
time on the wording - I'd rather not try and paraphrase when the
original is readily available.

The details on signing (and message authentication in general) are in
Part 2 of the specification. More details about OTP in general are
available on the site.

---------------------------------------------------------------------------
 Chris Smith                                          <smith at interlog.com>



xml-dev: A list for W3C XML Developers. To post, mailto:xml-dev at ic.ac.uk
Archived as: http://www.lists.ic.ac.uk/hypermail/xml-dev/
To (un)subscribe, mailto:majordomo at ic.ac.uk the following message;
(un)subscribe xml-dev
To subscribe to the digests, mailto:majordomo at ic.ac.uk the following message;
subscribe xml-dev-digest
List coordinator, Henry Rzepa (mailto:rzepa at ic.ac.uk)




More information about the Xml-dev mailing list