enveloping, batching, signing
Rob Seaman
seaman at noao.edu
Mon Feb 4 12:46:02 PST 2008
On Feb 4, 2008, at 1:21 PM, Rick Wagner wrote:
> Is there a use case where an aggregator type of service may be
> publishing VOEvents signed by others?
Well, no - because aggregators relay packets published by others. A
signature (or insecure checksum) is ultimately a mechanism for
guaranteeing the integrity of packets published upstream as they are
relayed and relayed again. Intermediate brokers may well sign a
packet published by others, however. I don't see how this
distinguishes between instantiating the signature within or outside
the <VOEvent> element, however, since there is already a XSLT-based
scheme for excising signatures and norming the remaining content.
> Barring that, I think a digitally signed envelope is sufficient, and
> general enough that it could be applied to other services in the
> future.
The question of "Sufficiency" is what we're trafficking in. Is a
general purpose envelope sufficient for all VOEvent (and perhaps VO)
signing purposes? Are there additional advantages to envelopes?
- Rob
More information about the voevent
mailing list