> I've noticed some mention of XML for electronic commerce (inter@ctive
> week, 2/16/98) and as an alternative to EDI (XML A Primer by Simon St.
> Laurent, p193).
>
> I think it would be great if we could do things like XML certificates, as
> well. But many of these things require signing. Say, something like this:
>
> <SIGNATURE ALGORITHM="PGP" SIGNED="JKLJKLJKLJKJKLJKLJKLJKLJKL==">the thing signed</SIGNATURE>
>
> But "the thing signed" may itself contain XML. Is this asking too much of
> an XML application, that it both process the contents of the signature
> element, while providing access to the byte array of the contents for
> signature verification?

Take a look at Open Trading Protocol at http://www.otp.org - getting
something like this to work was critical to the overall protocol
effort. It's too big to go into here, and we spent a good amount of
time on the wording - I'd rather not try and paraphrase when the
original is readily available.

The details on signing (and message authentication in general) are in
Part 2 of the specification. More details about OTP in general are
available on the site.
---------------------------------------------------------------------------
Chris Smith <smith@interlog.com>
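
The byte-array problem raised in the question, shown as an added Python example (not part of either message and not taken from the OTP specification): a verifier that only has the parsed tree cannot recover the exact signed bytes, but can verify over a canonical form. HMAC-SHA256 with a constructed key stands in for the signature, the ORDER content is constructed, and Canonical XML via the standard library's `ET.canonicalize` is one assumed way to obtain a stable byte form.

```python
import hashlib
import hmac
from xml.etree import ElementTree as ET

KEY = b"constructed-demo-key"  # constructed; HMAC stands in for a real signature

# Constructed sample content ("the thing signed"), which is itself XML.
CONTENT = b'<ORDER><ITEM sku="A1" qty="2"/><NOTE>ship fast</NOTE></ORDER>'


def canonical(xml_bytes: bytes) -> bytes:
    """Canonical XML (C14N 2.0): one byte form per logical document."""
    return ET.canonicalize(xml_data=xml_bytes.decode("utf-8")).encode("utf-8")


def mac(data: bytes) -> str:
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()


def sign(content: bytes, use_c14n: bool) -> bytes:
    """Wrap content in the SIGNATURE element shape used in the question."""
    tag = mac(canonical(content) if use_c14n else content)
    return (b'<SIGNATURE ALGORITHM="HMAC-SHA256" SIGNED="' + tag.encode()
            + b'">' + content + b"</SIGNATURE>")


def verify_from_tree(envelope: bytes, use_c14n: bool) -> bool:
    """Verify using only the parsed tree, as a generic XML application would."""
    root = ET.fromstring(envelope)
    # Re-serialising the child does not reproduce the original bytes:
    # ElementTree writes '<ITEM ... />' where the signer wrote '<ITEM .../>'.
    inner = ET.tostring(root[0])
    data = canonical(inner) if use_c14n else inner
    return hmac.compare_digest(mac(data), root.get("SIGNED"))


if __name__ == "__main__":
    print("raw bytes, verified from tree:  ",
          verify_from_tree(sign(CONTENT, False), False))
    print("canonical form, verified from tree:",
          verify_from_tree(sign(CONTENT, True), True))
    tampered = sign(CONTENT, True).replace(b'qty="2"', b'qty="9"')
    print("canonical form, tampered content:  ",
          verify_from_tree(tampered, True))
```
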