Jason Foster wrote: > Now that the W3 has recommended xml-signature, does it make sense to > try and figure out how to incorporate it into the Cocoon pipeline model? > I've put a (very) little thought into this and I'm not sure what > approach makes the most sense. For documents serialized as XML, then > a modification to the XMLSerializer should work. For other > serializers where you can't easily add XML content, then my guess is > that you have to go "out of band". > Unfortunately the "definition" of a serializer is that it is the last > thing in a pipeline. It isn't (I think) possible using the current > sitemap semantics to define something that takes place after the > serializer, which means calculating the signature of the generated > content is impossible. > > Does anyone else see value in this, and if so, how would you add this > functionality?
What about a SigningTransformer and a VerifyingTransformer ? The SigningTransformer would then sign the referenced portions as the last transformer in a pipeline; the VerifyingTransformer would check the signatures as the first transformer, either passing the correct content through or somehow marking the content or signature as invalid. I hope I understood the spec correctly so far; I guess that the specification does not apply to other content than serialized XML. Best regards, Michael Hartle, Hartle & Klug GbR --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
