W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > April to June 2002

Re: c14n/exc-c14n interop samples

From: Aleksey Sanin <aleksey@aleksey.com>
Date: Fri, 31 May 2002 10:40:46 -0700
Message-ID: <3CF7B59E.9010408@aleksey.com>
To: merlin <merlin@baltimore.ie>
Cc: w3c-ietf-xmldsig@w3.org
Merlin,

Thanks for  your explanation. I agree with you that your result
seems correct. However, the C14N spec has following example:

Section 3.3 (http://www.w3.org/TR/xml-c14n#Example-SETags)
    <e6 xmlns="" xmlns:a="http://www.w3.org">
      <e7 xmlns="http://www.ietf.org">
         <e8 xmlns="" xmlns:a="http://www.w3.org">
            <e9 xmlns="" xmlns:a="http://www.ietf.org"/>
         </e8>
      </e7>
   </e6>

    is canonicalized to

    <e6 xmlns:a="http://www.w3.org">
      <e7 xmlns="http://www.ietf.org">
         <e8 xmlns="">
            <e9 xmlns:a="http://www.ietf.org" attr="default"></e9>
         </e8>
      </e7>
   </e6>

Can you explain why there is no xmlns:a="http://www.w3.org" declaration
in <e8>, please?


Thanks,
Aleksey





merlin wrote:

>This is *NOT* the same node set as the result of just
>ancestor-or-self::bar:Something; it is the following
>(showing the namespace axis explicitly, and omitted
>nodes in []):
>  [foo:Root ... ]
>    <bar:Something xmlns:bar="http://example.org/bar"
>                   [xmlns:baz="http://example.org/baz"]
>                   [xmlns:foo="http://example.org/foo"]
>                   [xmlns="http://example.org/"]>
>       <foo:Something [xmlns:bar="http://example.org/bar"]
>                      [xmlns:baz="http://example.org/baz"]
>                      xmlns:foo="http://example.org/foo"
>                      [xmlns="http://example.org/"]>
>          <bar:Something xmlns:bar="http://example.org/bar"
>                         [xmlns:baz="http://example.org/baz"]
>                         [xmlns:foo="http://example.org/foo"]
>                         [xmlns="http://example.org/"]>
>             <foo:Something [xmlns:bar="http://example.org/bar"]
>                            [xmlns:baz="http://example.org/baz"]
>                            xmlns:foo="http://example.org/foo"
>                            [xmlns="http://example.org/"]>
>               <baz:Something [xmlns:bar="http://example.org/bar"]
>                              xmlns:baz="http://example.org/baz"
>                              [xmlns:foo="http://example.org/foo"]
>                              [xmlns="http://example.org/"] />
>             </foo:Something>
>          </bar:Something>
>       </foo:Something>
>    </bar:Something>
>    [Signature ... /]
>  [/foo:Root]
>
>Now, according to the XPath spec (which you quote in your
>next mail), a namespace node is only suppressed if
>the nearest ancestor element of its parent element that is
>in the node set has a namespace node in the node set with
>the same local-name and value. For the namespace nodes
>of the second bar:Something and foo:Something elements,
>this condition is not met; although those matching
>namespace nodes do exist, they are not *in the node set*.
>Hence my c14n. Now I will grant that this is not a normal
>case, and that I may be in error, however I don't think so.
>
>Merlin
>
>  
>
>>With best regards,
>>
>>Aleksey Sanin
>>XML Security Library <http://www.aleksey.com/xmlsec>.
>>
>>
>>
>>merlin wrote:
>>
>>    
>>
>>>Hi,
>>>
>>>Attached is a signature with 9 XPath-transformed examples
>>>run through c14, exc-c14n and exc-c14n with an inclusive
>>>namespace prefix list. The XPath transforms variously
>>>manipulate the namespace axis to demonstrate c14n behaviour
>>>in different situations. For example:
>>>
>>><foo:Root xmlns:bar="http://example.org/bar"
>>>         xmlns:baz="http://example.org/baz" 
>>>         xmlns:foo="http://example.org/foo"
>>>         xmlns="http://example.org/"
>>>         xml:lang="en-ie">
>>> <bar:Something>
>>>    <foo:Something>
>>>       <bar:Something>
>>>          <foo:Something>
>>>            <baz:Something />
>>>          </foo:Something>
>>>       </bar:Something>
>>>    </foo:Something>
>>> </bar:Something>
>>> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" ... />
>>></foo:Root
>>>
>>>The following XPath selects the bar:Something subtree, but
>>>only includes namespace nodes that are directly used by their
>>>parent element.
>>>
>>> ancestor-or-self::bar:Something  and
>>> (self::text()  or
>>>  (namespace-uri() != "")  or
>>>  (string(self::node()) = namespace-uri(parent::node())))
>>>
>>>I believe that the canonical form is then:
>>>
>>><bar:Something xmlns:bar="http://example.org/bar" xml:lang="en-ie">
>>>    <foo:Something xmlns:foo="http://example.org/foo">
>>>       <bar:Something xmlns:bar="http://example.org/bar">
>>>          <foo:Something xmlns:foo="http://example.org/foo">
>>>            <baz:Something xmlns:baz="http://example.org/baz"></baz:Somethin
>>>      
>>>
>>g>
>>    
>>
>>>          </foo:Something>
>>>       </bar:Something>
>>>    </foo:Something>
>>> </bar:Something>
>>>
>>>And I believe that the exclusive canonical form is:
>>>
>>><bar:Something xmlns:bar="http://example.org/bar">
>>>    <foo:Something xmlns:foo="http://example.org/foo">
>>>       <bar:Something>
>>>          <foo:Something>
>>>            <baz:Something xmlns:baz="http://example.org/baz"></baz:Somethin
>>>      
>>>
>>g>
>>    
>>
>>>          </foo:Something>
>>>       </bar:Something>
>>>    </foo:Something>
>>> </bar:Something>
>>>
>>>Merlin
>>> 
>>>
>>>      
>>>
>>    
>>
>
>
>-----------------------------------------------------------------------------
>The information contained in this message is confidential and is intended
>for the addressee(s) only.  If you have received this message in error or
>there are any problems please notify the originator immediately.  The 
>unauthorised use, disclosure, copying or alteration of this message is 
>strictly forbidden. Baltimore Technologies plc will not be liable for
>direct, special, indirect or consequential damages arising from alteration
>of the contents of this message by a third party or as a result of any 
>virus being passed on.
>
>This footnote confirms that this email message has been swept for Content
>Security threats, including computer viruses.
>http://www.baltimore.com
>  
>
Received on Friday, 31 May 2002 13:39:53 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:15 GMT