Hi,

> What do you think about creating a new table signature where we store
> all signatures. The structure could be:
>
> sign_key    - serial number of the signature
> data        - the serialized signature
> format      - mainly for compatibility
> object_type - request, CRR or whatever
> object_key  - serial of the signed object
>
> There is no signature without a reference to an object. Therefore it is
> a good idea to store the reference not in the data table because this
> costs a lot of performance.
>
> So what do you think about this idea? I'm happy about every comment.

I think this is a good idea because it allows us to have an arbitrary
number of signatures on any object.

You could even go further and introduce a generic "approval handle"
that can be attached to any object. A specific instance of this
handle could be either a signature or an unsigned approval record.

This way we could support
- any number of required approvals (0..n)
- any approval mechanism (Digital Signature, unsigned approval)

(We also shouldn't make it too complicated, though, but I really
need unsigned approvals for my project.)

A drawback of your scheme is that it is very difficult to sign
a larger number of objects, because this would result in many
different signature objects.
An approach to this would be a collection object that contains
references to an arbitrary number of objects that are approved
using one single handle.

Idea:


   Object                                  Approval -- 1:1 -- Type
   Object  -- n:1 -- Objectgroup -- 1:n -- Approval -- 1:1 -- Type
   Object                                  Approval -- 1:1 -- Type


Problem: Signatures are performed on data that is presented to
the user. If we introduce this database centric scheme, it would
be necessary to present a textual representation of this relation
for signing (no problem for unsigned approval here).
This might be addressed by XML Signatures where the XML components
represent the objects to sign.

Do you consider such an approach to be useful?

I know there are a lot of problems that could arise from this, but
it would be a great feature.

Martin
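As an added illustration of the scheme discussed in this thread (the generic approval handle, the object group, and the "textual representation of the relation" that is actually signed), here is a small self-contained sketch. It is example code written for this page, not OpenCA code; all table and column names are assumptions, and the signature is an HMAC-SHA256 over a canonical text with a constructed key, standing in for the asymmetric digital signature a real CA would use. The point it demonstrates is that the signed representation must be recomputable from database state, so that a change to the group membership after signing is caught at verification time, while unsigned approval records coexist on the same handle.

```python
"""Sketch of the 'approval handle' scheme from the thread: objects, object
groups, and approvals that are either digital signatures or unsigned records.
Added example, not OpenCA code; table and column names are assumptions.
HMAC-SHA256 with a constructed key stands in for a real digital signature."""
import hashlib
import hmac
import json
import sqlite3

SCHEMA = """
CREATE TABLE object (
    object_type TEXT NOT NULL,          -- request, CRR or whatever
    object_key  TEXT NOT NULL,          -- serial of the object
    data        BLOB NOT NULL,          -- serialized object
    PRIMARY KEY (object_type, object_key)
);
CREATE TABLE objectgroup (
    group_key INTEGER PRIMARY KEY
);
CREATE TABLE objectgroup_member (      -- Object -- n:1 -- Objectgroup
    group_key   INTEGER NOT NULL REFERENCES objectgroup(group_key),
    object_type TEXT NOT NULL,
    object_key  TEXT NOT NULL,
    PRIMARY KEY (group_key, object_type, object_key)
);
CREATE TABLE approval (                -- Objectgroup -- 1:n -- Approval
    approval_key  INTEGER PRIMARY KEY,
    group_key     INTEGER NOT NULL REFERENCES objectgroup(group_key),
    approval_type TEXT NOT NULL CHECK (approval_type IN ('signature', 'unsigned')),
    approver      TEXT NOT NULL,
    format        TEXT NOT NULL,        -- mainly for compatibility
    data          BLOB                  -- serialized signature; NULL when unsigned
);
"""

def open_db():
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    return con

def add_object(con, object_type, object_key, data):
    con.execute("INSERT INTO object VALUES (?, ?, ?)", (object_type, object_key, data))

def create_group(con, members):
    cur = con.execute("INSERT INTO objectgroup DEFAULT VALUES")
    group_key = cur.lastrowid
    con.executemany("INSERT INTO objectgroup_member VALUES (?, ?, ?)",
                    [(group_key, t, k) for t, k in members])
    return group_key

def canonical_text(con, group_key):
    """Textual representation of the group relation that is presented to the
    signer and signed. It binds each member's identity and a digest of its
    content in a fixed order, so it can be recomputed later for verification."""
    rows = con.execute(
        "SELECT m.object_type, m.object_key, o.data FROM objectgroup_member m "
        "JOIN object o USING (object_type, object_key) "
        "WHERE m.group_key = ? ORDER BY m.object_type, m.object_key",
        (group_key,)).fetchall()
    members = [{"type": t, "key": k, "sha256": hashlib.sha256(d).hexdigest()}
               for t, k, d in rows]
    return json.dumps({"group": group_key, "members": members},
                      sort_keys=True, separators=(",", ":"))

def approve(con, group_key, approver, key=None):
    """Attach one approval handle to a group: signed if a key is given, else unsigned."""
    if key is None:
        cur = con.execute(
            "INSERT INTO approval (group_key, approval_type, approver, format, data) "
            "VALUES (?, 'unsigned', ?, 'none', NULL)", (group_key, approver))
    else:
        sig = hmac.new(key, canonical_text(con, group_key).encode(), "sha256").digest()
        cur = con.execute(
            "INSERT INTO approval (group_key, approval_type, approver, format, data) "
            "VALUES (?, 'signature', ?, 'hmac-sha256-v1', ?)", (group_key, approver, sig))
    return cur.lastrowid

def verify(con, approval_key, key):
    """Recompute the canonical text from the current DB state and check the signature."""
    row = con.execute("SELECT group_key, approval_type, format, data FROM approval "
                      "WHERE approval_key = ?", (approval_key,)).fetchone()
    if row is None:
        return False
    group_key, approval_type, fmt, data = row
    if approval_type != "signature" or fmt != "hmac-sha256-v1":
        return False
    expected = hmac.new(key, canonical_text(con, group_key).encode(), "sha256").digest()
    return hmac.compare_digest(expected, data)

def count_approvals(con, group_key):
    return con.execute("SELECT COUNT(*) FROM approval WHERE group_key = ?",
                       (group_key,)).fetchone()[0]

def demo():
    """Constructed scenario: sign a group of two requests, then alter the group."""
    con = open_db()
    key = b"constructed-demo-key"  # placeholder for the signer's real key
    add_object(con, "request", "1001", b"CSR for alice (constructed)")
    add_object(con, "request", "1002", b"CSR for bob (constructed)")
    add_object(con, "crr", "7", b"revocation request (constructed)")
    group = create_group(con, [("request", "1001"), ("request", "1002")])
    signed = approve(con, group, "RA officer", key)
    approve(con, group, "auditor")  # unsigned approval on the same handle
    ok_before = verify(con, signed, key)
    # Adding a member after signing changes the represented relation
    con.execute("INSERT INTO objectgroup_member VALUES (?, 'crr', '7')", (group,))
    ok_after = verify(con, signed, key)
    return ok_before, ok_after, count_approvals(con, group)

if __name__ == "__main__":
    print(demo())  # (True, False, 2)
```

The canonical text is what would be shown to the user before signing; an XML Signature over XML elements representing the members, as suggested above, would play the same role, provided it is canonicalized so that the verifier can rebuild it byte for byte from the stored relation.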



_______________________________________________
OpenCA-Devel mailing list
https://lists.sourceforge.net/lists/listinfo/openca-devel