- From: Ed Simon <edsimon@xmlsec.com>
- Date: Tue, 21 Sep 2010 13:31:02 -0400
- To: XMLSec WG Public List <public-xmlsec@w3.org>
A couple of more general comments (I emphasize these are my opinions, not necessarily those of the XML Signature WG)...

Comparison With XML Signature
-----------------------------

The Magic Signatures specification alludes to drawbacks of using XML Signature in certain applications. Though it is understandable that one would want to state the raison d'être for creating a new digital signature specification, I recommend an approach that allows designers to select which approach (Magic Signatures or XML Signature) might be most suitable for their applications. Such wording might go like this:

>>>
XML Signature includes XML-aware capabilities that enable XML instances to be signed without base64-encoding or otherwise obfuscating or significantly altering the original XML instance. This can be useful when XML data needs to be signed but remain intact for downstream processing before signature validation or the removal of the XML Signature. In contrast, Magic Signatures base64-encode the data they sign, including XML data.

The minimalist approach to Magic Signatures allows them to be serialized into a variety of data formats; XML Signature, in contrast, must be in the form of an XML instance at signing time and at signature validation.

In addition, XML Signature includes features that allow for multiple data objects to be signed in one signature, transforms to select which parts of those data objects are signed, and other capabilities. Use of these advanced features naturally entails additional complexity for application designers and coders. Magic Signatures are a complementary approach for applications that do not need those capabilities of XML Signature.
<<<

Magic Signature Structural Validation
-------------------------------------

I find it to be a contradiction, including in RFC 4287 (Atom), to state in a specification that XML instances must have a certain data structure (these elements, these attributes, etc.) and then say no structural validation, as one would do with some kind of XML schema (DTD, XML Schema, Relax NG, etc.), is required. Why have requirements that must be executed by machines in human-only language when it is quite simple to have those requirements expressed in a machine-readable language?

I can understand the specification not requiring a separate schema-validation step, but that does not exclude the specification from defining some kind of XML schema (my personal preference is for RELAX NG) for those processors that would like to validate the structure of XML instances.

Frankly, for security-critical applications (such as digital signing), I consider data structure validation critical for helping prevent attacks. That data structure validation must be done using a normative machine-readable schema.

Ed

--
========================================
Ed Simon, XMLsec Inc.
613-726-9645
edsimon@xmlsec.com
Received on Tuesday, 21 September 2010 17:31:35 UTC