Conclusion
- XFDL justification for binding data, presentation, and
presentation logic into the signature message.
- An XML element's markup should specify how to build
the message to be signed from the XML document.
- The XML element created to hold the signature can
also be used to hold external entities that help
render document-- "What you see is what you sign"
- Technology vs. Signature Interoperability
Signed XML is distinct from XML signatures
- Should there be support for biometric (e.g handwritten)
signatures? These cannot be expressed in XML as
they take the form obfuscate(biometric+hash)
- Also, to use existing PKI deployments with non-XML
Standards, signed XML should interoperate with
any technology providing Sign() and Verify().
XML signature engine could fit into this.
|
|
