W3C home > Mailing lists > Public > public-xmlsec@w3.org > February 2013

Re: Canonicalized XML version 2.0 — an Objective-C streaming implementation

From: pratik datta <pratik.datta@oracle.com>
Date: Tue, 26 Feb 2013 08:56:23 -0800
Message-ID: <512CE937.4090000@oracle.com>
To: Jim Dovey <jdovey@kobo.com>, public-xmlsec@w3.org
Jim,
If streaming is what you are interested in, there is a way to do a 
streaming implementation for a subset of exclusive/inclusive Canonical 
XML 1.x.  This is a very common subset , and many of the existing 
implementations support this subset only  to have higher performance.  
Canonical XML 2.0 restricts to this subset and adds a few more features 
which do not affect streaming.

 From the spec point of view, Canonical XML 2.0 is not compatible with 
XML Signature 1.1.  (This is because the the contract between XML 
signature 1.1 and any canonical algorithm is an arbitrary XPath nodeset, 
whereas Canonical XML 2.0  does not accept a completely generic nodeset, 
instead it just accepts subtrees with exclusions.)   So if you are only 
planning to implement XML signature 1.0 and not  XML Signature 2.0, then 
it is better that you only implement Canonical XML 1.1

The recommended implementation for Canonical XML 2.0, is derived from 
what implementers were already doing for efficient Exclusive/Inclusive 
Canonical XML 1.x implementation, so your current implementation of 2.0 
can be very easily modified to be an efficient canonical xml 1.x 
implementation just by removing the extra features that were introduced 
in 2.0

In fact I am thinking that it might be worth it to create an 
"Implementers note" on XML signature 1.x and Canonical XML 1.x to put 
together all the implementation experience into a document so that new 
implementations do not have to rediscover all gotchas and performance 
improvements.

Pratik



On 2/15/2013 8:23 AM, Jim Dovey wrote:
> Greetings all.
>
> I was advised by Frederick Hirsch at the W3C eBooks workshop this week 
> that Canonicalized XML v2.0 is languishing in a state of 
> non-implementation right now. After clearing it all with my boss, I'd 
> like to point you to an Objective-C implementation that I put together 
> a few months back as part of an OO XML library which ultimately never 
> saw the light of day (its ideas instead went into a C++11 library 
> which will be announced quite soon).
>
> The library is hosted on my Github account here: 
> <https://github.com/AlanQuatermain/AQXML>
>
> Please look to the README file for links to the Canonicalization 
> implementation itself. Note that it handles published versions of the 
> canonicalization algorithms through libxml's implementations, while 
> v2.0 is implemented primarily using a streaming parser. There's a 
> tree-based version in there, but I can't recall ever testing that. The 
> streaming version is, however, fully tested using the test cases from 
> both this revision and all prior revisions of the standards; all the 
> relevant code is in the EPubXMLTests subfolder.
>
> Mac users here can open the project with Xcode 4.6 and run the unit 
> tests by pressing ⌘U; this will compile the project first.
>
> My thanks to Frederick for advising that I could be of some use in 
> this manner. I hope to join the WG soon under the auspices of Kobo's 
> parent company, Rakuten, to provide assistance in a more direct manner 
> in future.
>
> Cheers,
> -Jim
> *_________________________________________*
> *Jim Dovey*
> Digital Content Format Evangelist | Kobo Inc.
> jdovey@kobo.com <mailto:jdovey@kobo.com>
> C: (416) 716-0413
> 135 Liberty St. | Suite 101 | Toronto, ON  | M6K 1A7
>
>
Received on Tuesday, 26 February 2013 16:56:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 26 February 2013 16:56:57 GMT