W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > April to June 2000

Alternative XML C14N: Document Subsets

From: Gregor Karlinger <gregor.karlinger@iaik.at>
Date: Sat, 3 Jun 2000 13:27:23 +0200
To: "John Boyer" <jboyer@PureEdge.com>
Cc: "XML" <w3c-ietf-xmldsig@w3.org>
Message-ID: <NDBBIMACDKCOPBLEJCCDOENFCFAA.gregor.karlinger@iaik.at>
Hi John,

I think the approach you are using in section 5 of the alternative C14N
draft,
is impractical for the main use case inside XML-Signature, namely the c14n
of
the SignedInfo Element. Consider the following (simplified) example:

<MyDocument>
  <PoemFragment xml:space='preserve'>
    Und blicket sie lange verwundert an;
    Drauf spricht er: „Es ist euch gelungen,
    Ihr habt das Herz mir bezwungen,
    Und die Treue, sie ist doch kein kein leerer Wahn –
    So nehmet auch mich zum Genossen an.
    Ich sei, Gewährt mir die Bitte,
    In eurem Bunde der Dritte.
  </PoemFragment>
  <PoemAuthor>
    Friedrich von Schiller
  </PoemAuthor>
  <MySignatureContainer>
    <Signature>
      <SignedInfo Id='SignedInfoId'>
        [...]
      </SignedInfo>
      [...]
    </Signature>
  </MySignatureContainer>
</MyDocument>

Now, I'd like to c14n my SignedInfo element. Refereing to the new draft,
I have to do the following:

* Set context node to document's root node

* Additionally specify my special XPath expression, which is
  "//SignedInfo[Id='SignedInfoId']"

The computation of the XPath results in:

  <PoemFragment xml:space='preserve'>
    Und blicket sie lange verwundert an;
    Drauf spricht er: „Es ist euch gelungen,
    Ihr habt das Herz mir bezwungen,
    Und die Treue, sie ist doch kein kein leerer Wahn –
    So nehmet auch mich zum Genossen an.
    Ich sei, Gewährt mir die Bitte,
    In eurem Bunde der Dritte.
  </PoemFragment>
  <SignedInfo Id='SignedInfoId'>
    [...]
  </SignedInfo>

which is definitely not the result I would like to have.

I don't see a way how to resolve the problem with xml:space and
xml:lang this way, because the preserving these attributes also
effect the output result.

I think there must be a different process to be applied for
document subsets. Part of this process is to collect the necessary
information about theses attributes AS PART OF THIS PROCESSS, but
not by specifying a XPath which collects the information.

Regards, Gregor
---------------------------------------------------------------
Gregor Karlinger
mailto://gregor.karlinger@iaik.at
http://www.iaik.at
Phone +43 316 873 5541
Institute for Applied Information Processing and Communications
Austria
---------------------------------------------------------------
Received on Saturday, 3 June 2000 07:27:22 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:09 GMT