Here's a use-case:I aggregate entries from several sources and create a composite feed. I want entries that were signed in the source feeds to still carry their original signatures in the composite feed, so that parsers can check that the entry has not been modified since it was issued by the original source.
A particular instance of this use-case is in education, where learning systems might export entries as part of evidence of learning (for example, posts from a collaborative course blog), which are then aggregated by the learner to create a single view across all their evidence from multiple providers. If this view is then published and used to support a claim (say, of skill competency), its important to be able to tell whether individual entries were modified by the learner after they were obtained from the providers.
For this use-case, option 2 must be possible. Scott Wilson http://www.cetis.ac.uk On 21 Jun 2005, at 07:15, James M Snell wrote:
OK, thanks to the feedback that has already been offered in this thread I've been able to make progress on the XML Encryption side of this. Now to the digital signature side. I'd like to get some opinions on the following question:The spec already allows enveloped XML signatures for the document. Question: should we only allow signing of the entire document or are there valid use cases for allowing each individual entry in the feed to be individually signed? e.g.<!-- Sign entire document --> <feed> <entry /> <entry /> <Signature /> </feed> or <!-- Each entry could have it's own signature. --> <feed> <entry> <Signature /> <!-- covers the containing <entry /> --> </entry> </feed> or <!-- One signature for the feed, covering specific entries --> <feed> <entry> <id>urn:abc...</id> </entry> <Signature><!-- use transform to select only the entry with id = urn:abc... --></Signature> </feed>I'm quite happy with limiting it to the first as I don't really see much of a reason to support the second and third examples, but wanted to see if anyone had any opinions or use cases that could justify the ability to independently sign individual entries within a feed.- James
smime.p7s
Description: S/MIME cryptographic signature
