I think the addition of the <any> element to the ContentObject is not a good idea.It now means that you cannot truely validate that element - simply because *any* element can now appear there from any namespace.
It seems that this element is being used *primarily* for digital signatures. However, it then forces you to put your digital signature inside the content object. It does not then allow you to sign the entire EDXL statement, would would be a common occurrence as well.
I am not sure if the examples given in Appendix B are correct (the 2nd example) as the digital signatures don't seem to be referring to any content/resource that they are signing. For example, using the "enveloped-signature" transforms needs you to reference the bit of XML that you are signing? This then means that you usually need an additional id attribute in some other XML parent element.
As I showed in previous emails, we can simplify this but support just one <xmlContent> element and then allowing, if required the encrypted and signed payload in there.
Consider the first payload from example 2 on Appendix B, it could be re-expressed as:
<KeyName>deskey.bin</KeyName> </KeyInfo> <CipherData> <CipherValue></CipherValue> </CipherData> </EncryptedData>
<SignedInfo> etc... </SignedInfo> <SignatureValue>data</SignatureValue> <KeyInfo> <KeyName>rsakey.pem</KeyName> </KeyInfo> </Signature> �� �</xmlContent> That is, all the payload is inside the <xmlContent> including the encryption and signature. Cheers...� Renato Iannella National ICT Australia (NICTA)
--------------------------------------------------------------------------
This email and any attachments may be confidential. They may contain legally
privileged information or copyright material. You should not read, copy,
use or disclose them without authorisation. If you are not an intended
recipient, please contact us at once by return email and then delete both
messages. We do not accept liability in connection with computer virus,
data corruption, delay, interruption, unauthorised access or unauthorised
amendment. This notice should not be removed.
|
|