| CARVIEW |
Select Language
HTTP/2 200
date: Wed, 08 Oct 2025 14:15:15 GMT
content-type: text/html
content-encoding: gzip
last-modified: Thu, 13 Jul 2023 17:32:00 GMT
cache-control: max-age=2592000, public
expires: Fri, 07 Nov 2025 14:15:15 GMT
vary: Accept-Encoding
access-control-allow-origin: *
x-request-id: 98b63fce9bbcb155
strict-transport-security: max-age=15552015; preload
x-frame-options: deny
x-xss-protection: 1; mode=block
cf-cache-status: EXPIRED
set-cookie: __cf_bm=niulADienkBm5kSOF8HFM0d1ADTnpZu8iz2KC9PGM_U-1759932915-1.0.1.1-yov1q7A8xlyMMemvXlF2wQP2HsLhe6CaPCi.ACoCF3zgePdkYsM8wPMTlfAVg4ZQjE18aFrOs1ocWCNiBCaFsh3tEI5DLPrajeNyM_3kqVE; path=/; expires=Wed, 08-Oct-25 14:45:15 GMT; domain=.w3.org; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 98b63fce9bbcb155-BLR
alt-svc: h3=":443"; ma=86400
Some possible rqmt/design points from David Solo on 1999-06-15 (w3c-ietf-xmldsig@w3.org from April to June 1999)
Some possible rqmt/design points
- From: David Solo <david.solo@citicorp.com>
- Date: Tue, 15 Jun 1999 17:44:34 -0400
- To: IETF/W3C XML-DSig WG <w3c-ietf-xmldsig@w3.org>
- Cc: "david.solo@citicorp.com" <david.solo@citicorp.com>
- Message-Id: <199906152053.QAA23075@egate3.citicorp.com>
Additional thoughts from my notes on the requirements front. Some of these may be in between requirements and design, and aren't in a particular order. Also, they're in the spirit of trying to leverage much of the CMS experience. I think attention to the validation logic is particularly important. (By the way, I know I included the "no criticality" point twice) - Ability to associate attributes with the signature - there should be support for both authenticated attributes (covered by the signature) and unauthenticated attributes (not covered by the signature) - attributes should be treated consistently (i.e. not specifying some in the base signature structure and others in an attribute bucket - put them all in the bucket) - attributes are a type and value combination - some set of standard attributes should be defined, but adding others must be straightforward (list in Brown is a good start) - NO criticality flags - Ability to carry a range of explicitly typed infrastructure credentials including public key certificates, attribute certificates, KM tokens, revocation/status data objects - Ability to specific algorithms independently and to reference the algorithms linked to standard algorithm specifications (e.g. OIDs) - Provide a content structure (manifest) supporting multiple objects, references, entries should include explicit content type information - Specify unambiguous validation rules including: - rules on expansion of link/references (probably none) - explicit hash calculation between content elements and attributes - default minimum semantics and pass/fail criteria (mathematical signature validation). Additional semantics via attached attributes - NO criticality flags - how to handle multiple signatures (valid if all signatures are OK) - Multiple signature may be included and each signature shall be associated with information to identify the signer and/or the cryptographic information required to validate the signature - From an implementation perspective, the ability to leverage existing cryptographic (and infrastructure?) provider primitives is desirable. All for now, Dave
Received on Tuesday, 15 June 1999 17:42:51 UTC