[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: Trust

• To: "XML-Dev (E-mail)" <xml-dev@l...>
• Subject: Re: Trust
• From: "Thomas B. Passin" <tpassin@c...>
• Date: Thu, 01 Aug 2002 09:40:11 -0400
• References: <0C40487724347D48B2BB449D87B9B4EF05E261@C...>

[Hodder, Ed]

>
> Leaving aside the fact that XBRL itself has nothing to do with security is
> XML Signature Syntax and Processing, or something like it, far enough
along
> at this point to make this kind of assertion? Is it possible today for
> software to discover a resource somewhere out in the wild and verify that
it
> in fact originated from company XYZ?

Yes, modulo believing in the validity of a digital certificate.  I am not
referring to anything specifically xml-ish though, just documents in
general.  If you can decode something using a public key, then only one
private key could have been used to sign it.  The certificate vouches for
that private key.  Who vouches for the certificate?  Ahh, the certificate
issuer.  Who used that private key to do the job?  Umm...

Cheers,

Tom P

• References:
  • Trust
    • From: "Hodder, Ed" <Ed.Hodder@B...>

• Prev by Date: AW: Empty tag with attribute effective for parsing?
• Next by Date: Re: Re: URIs, concrete (was Re: Un-ask the question)
• Previous by thread: Trust
• Next by thread: RE: External parsed general entities
• Index(es):
  • Date
  • Thread