Scott's Workblog

This blog has moved! Go to my new blog!

February 24, 2006

XML signing - time for a change?

Johannes Ernst strikes a chord with me on digital signatures for XML. The whole business of canonicalization (and other esoterica) is a real pain in both practice and in principle. If you don't believe me, try generating and verifying a signed XML message. See?

Anyway, Johannes makes a useful suggestion here, which I think could really solve a big problem with e-Portfolios - removing the difficulties of signing individual XML fragments within larger documents or data sets.

Nice to see also that this idea meets with the approval of Peter Gutmann, author of quite a few works that I've made use of.

OK, next question, guys - how would you sign an RDF graph?

main archive