blchoy
commented
3 years ago We haven't reach that state yet. Personally I looked into the possibility of using XML-DSig some years ago but noticed that there could be implementation issues. Distributed ledger could be a more promising way to do so. I understand that WMO is also looking into this. May be @efucile could say a few words on this.
As a matter of fact, as aviation MET information is being exchanged over a closed network (currently with Aeronautical Fixed Service or AFS, and in future over System Wide Information Management or SWIM environment with pub/sub and req/rep), information authenticity is guaranteed at a certain level for retrievers who connect directly to these systems. However, it may be not for consumers further downstream. So we may want to ask ourselves in first place, who needs the facilities to ensure authenticity and integrity of MET information they received and at what level of certainty (e.g. I check on my own, or no checking but have a business guarantee from upstream providers, or otherwise).
I just got a question from a Russian colleague about assuring provenance in WMO telecom. systems... and signatures were mentioned. This brought to mind Common Alerting Protocol ( http://docs.oasis-open.org/emergency/cap/v1.2/CAP-v1.2.html ) which specifically mentions use of XMLSIG. I imagine the scheme would be applicable for any XML format, but perhaps other mechanisms might be chosen. Is that how IWXXM handles the same issue?