
Re: Canonical XML 2.0 Conformance Profiles

From: Meiko Jensen <Meiko.Jensen@ruhr-uni-bochum.de>
Date: 3 Sep 2010 10:25:57 +0200
Message-ID: <4C80B115.4090700@ruhr-uni-bochum.de>
To: Frederick.Hirsch@nokia.com
Cc: public-xmlsec@w3.org

Frederick.Hirsch@nokia.com wrote:
> To repeat what I think you said, does this mean there are really two conformance levels?
>
> 1. Support C14N2 with defaults as listed for all parameters. All other parameters not at default settings are optional.
>
> 2. Also support ExclusiveMode, InclusiveNamespace, IgnoreComments and XmlAncestors parameters with values other than defaults.
>   
I'm saying that, yes, you could read the spec document both ways. By
now, the spec says (in 2.2.1) "Implementations may not support all of
these parameters. We have identified the following profiles.", but it
does not explicitly say how these profiles relate to conformance (i.e.
whether all of these profiles have to be supported, at least one of
them, or none of them...). I also remember Pratik saying that
implementers were allowed to decide upon which profiles they support,
meaning them to be optional.

Besides that I'd also like to point to the fact that both definitions of
conformance imply that all our new parameters (such as TrimTextNodes,
prefixRewriting etc.) are optional to implement. Hence, the difference
between C14N1.X and C14N2.0 turns out to merely be suggesting a list of
optional-to-implement, optional-to-use new params, and to require
backward compatibility. I have to admit that I'm not really satisfied
with this, since---to me---those new parameters are very useful in
practice, but if they remain optional, this means that you can never
rely on the fact that your signature peer (i.e. in most cases the verifier)
supports the same set of XML Signatures as you do. We're fuzzying the
feature list of the XML Signature spec bundle here, and frankly, I'm not
sure this is a good approach for a soon-to-be standard document.

just my $.02

cheers

Meiko
>
>
> regards, Frederick
>
> Frederick Hirsch
> Nokia
>
>
>
> On Sep 2, 2010, at 8:24 AM, ext Meiko Jensen wrote:
>
>   
>> I've taken a look at the conformance profiles of canonical XML 2.0 as
>> published on August 31st.
>>
>> By now it seems that this specification---as it is now---implicitly
>> supports three different levels of "REQUIRED/OPTIONAL" for conformance.
>>
>> The first level is shaped by the default values for all parameters:
>> since this is the default, *every* conforming implementation must
>> support this configuration.
>>
>> The second level is shaped by the three "conformance profiles"
>> explicitly listed in section 2.2.1:
>> -ExclusiveMode="true" must be supported for the "1.x features" and "1.x
>> Simple Exclusive" profile (and I'd recommend it as well for streaming),
>> but since its default value is "false", a conforming implementation must
>> support this one in full.
>> -InclusiveNamespace must be supported as well, though default being an
>> empty list
>> -IgnoreComments="false" must be supported for "1.x features"
>> conformance, though default is "true"
>> -XmlAncestors="none" must be supported for "1.x features", though
>> default is "inherit"
>> Hence, these 4 parameters (and all of their combinations) are REQUIRED
>> to implement for conformance with the spec.
>>
>> The third level is shaped by all parameters listed in the spec, but
>> which are not deviating from their default values for any of the given
>> profiles. Hence---as I read it now---these are OPTIONAL to implement.
>> -SortAttributes: though being listed explicitly in all the profiles, its
>> value is always set to "true", hence it is not required to support the
>> "false" case for any of the profiles nor the default.
>> -TrimTextNodes: always set to "false" => OPTIONAL
>> -Serialization: always set to XML => OPTIONAL (btw: the spec says
>> "serializeXML" as default, "Xml" as value in the profiles, and "XML" as
>> enum value in the XML Schema. Should be unified)
>> -PrefixRewrite: always set to "none", rendering "sequential" and
>> "derived" OPTIONAL
>> -QNameAware="": listed explicitly, but for conformance it is only
>> REQUIRED to support the empty version of this parameter (which means
>> doing nothing about this). => OPTIONAL
>>
>> The implicit 4th level is that people might start creating their own
>> parameters and switches here, but I think that's out of scope for the
>> specification.
>>
>>
>> To resume, we require only the conformance to the backward-compatibility
>> profiles. Everything "new" is rendered OPTIONAL, hence will not affect
>> conformance nor interops, right?
>>
>> This should close my Action-625 for now.
>>
>> best regards
>>
>> Meiko
>>
>> -- 
>> Dipl.-Inf. Meiko Jensen
>> Chair for Network and Data Security 
>> Horst Görtz Institute for IT-Security 
>> Ruhr University Bochum, Germany
>> _____________________________
>> Universitätsstr. 150, Geb. ID 2/411
>> D-44801 Bochum, Germany
>> Phone: +49 (0) 234 / 32-26796
>> Telefax: +49 (0) 234 / 32-14347
>> http://www.nds.rub.de
>>
>>
>>     
>
>   

-- 
Dipl.-Inf. Meiko Jensen
Chair for Network and Data Security 
Horst Görtz Institute for IT-Security 
Ruhr University Bochum, Germany
_____________________________
Universitätsstr. 150, Geb. ID 2/411
D-44801 Bochum, Germany
Phone: +49 (0) 234 / 32-26796
Telefax: +49 (0) 234 / 32-14347
http://www.nds.rub.de
Received on Friday, 3 September 2010 08:26:27 GMT
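
The interoperability concern raised in this thread, as an added example that is not part of the original message or of the Canonical XML 2.0 specification: a verifier-side check that works out which parameters of a canonicalization request deviate from the defaults, which of the thread's three levels that request falls into, and whether a given verifier can process it. The parameter names and default values are the ones quoted in the thread; the dictionary encoding, the level names and the function names are assumptions made for illustration.

```python
# Defaults as quoted in the thread (August 2010 draft). The dict encoding is an
# assumption; the thread notes the Serialization value is spelled inconsistently
# in the draft ("serializeXML", "Xml", "XML"), so "XML" is used here.
DEFAULTS = {
    "ExclusiveMode": "false",
    "InclusiveNamespace": "",   # empty prefix list
    "IgnoreComments": "true",
    "XmlAncestors": "inherit",
    "SortAttributes": "true",
    "TrimTextNodes": "false",
    "Serialization": "XML",
    "PrefixRewrite": "none",
    "QNameAware": "",
}

# Parameters that take non-default values in the section 2.2.1 profiles.
PROFILE_PARAMS = {"ExclusiveMode", "InclusiveNamespace",
                  "IgnoreComments", "XmlAncestors"}


def deviations(params):
    """Return the names of parameters set to something other than the default."""
    unknown = set(params) - set(DEFAULTS)
    if unknown:
        # Unknown switches are the thread's "implicit 4th level": refuse them.
        raise ValueError(f"unknown parameter(s): {sorted(unknown)}")
    return {name for name, value in params.items() if value != DEFAULTS[name]}


def level_needed(params):
    """Lowest level (hypothetical names) that covers this parameter set."""
    dev = deviations(params)
    if not dev:
        return "defaults"    # level 1: every conforming implementation
    if dev <= PROFILE_PARAMS:
        return "profiles"    # level 2: the four profile parameters
    return "optional"        # level 3: new parameters, no guarantee


def verifier_accepts(params, implemented):
    """Check a request against the parameters a verifier implements with
    non-default values. Returns (ok, sorted list of unsupported parameters)."""
    missing = deviations(params) - set(implemented)
    return (not missing, sorted(missing))
```

A verifier that implements only `PROFILE_PARAMS` has to refuse any signature whose canonicalization uses, for example, `PrefixRewrite="sequential"`, because it cannot reproduce the signer's canonical form.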
