
Re: Schema centric canonicalization - Need and status

From: Michael McIntosh <mikemci@us.ibm.com>
Date: Wed, 16 Nov 2005 10:30:36 -0500
To: Josseline <anders.rundgren@telia.com>
Cc: w3c-ietf-xmldsig@w3.org, w3c-ietf-xmldsig-request@w3.org
Message-ID: <OFD730521C.013E74B5-ON852570BB.0054FA90-852570BB.00552C61@us.ibm.com>

Why not just provide a single ds:Signature using standard canonicalization 
with one ds:Reference to the XML document and one ds:Reference to the 
Schema document?
Binds the document to the schema and therefore the schema-provided 
content.




Josseline <anders.rundgren@telia.com>
Sent by: w3c-ietf-xmldsig-request@w3.org
11/16/2005 10:17 AM
Please respond to: Josseline

To: w3c-ietf-xmldsig@w3.org
cc:
Subject: Schema centric canonicalization - Need and status

Hi,
I'm working with a standard for "Web Signing" [*].  In this work XML 
Schemas have been used extensively and together with XML DSig.

However, it seems that not even exclusive canonicalization is really 
fit for the task as it is not designed for schema-defined instance 
documents.  At least default attributes seem to break the current 
canonicalization algorithms.

Essentially I have two options.  Cripple schemas or invent a new 
algorithm.

Neither of these alternatives appears very tempting but I'm leaning 
towards the latter as the "patch" needed is fairly small.

Comments?

Anders Rundgren

*] The ability to in a browser sign a transaction request or a static 
document, presented by a service provider.
Received on Wednesday, 16 November 2005 15:30:46 GMT
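
An added example, not part of either message above: a sketch of the arrangement suggested in the reply, a single ds:SignedInfo carrying one ds:Reference for the instance document and one for the schema, so that a change to a schema default invalidates the signature even though the instance bytes are untouched. Assumptions: Python's `xml.etree.ElementTree.canonicalize` (C14N 2.0) stands in for "standard canonicalization", SHA-256 is the digest, the `order.xml`/`order.xsd` URIs and both sample documents are constructed, and only reference digests are checked (no SignatureMethod or SignatureValue is produced).

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
C14N2 = "http://www.w3.org/2010/xml-c14n2"           # what ET.canonicalize implements
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"

# Constructed sample inputs: the instance omits 'currency', the schema defaults it.
DOC = '<order xmlns="urn:example:order" amount="100"/>'
SCHEMA = ('<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" '
          'targetNamespace="urn:example:order"><xs:element name="order">'
          '<xs:complexType><xs:attribute name="amount" type="xs:decimal"/>'
          '<xs:attribute name="currency" type="xs:string" default="EUR"/>'
          '</xs:complexType></xs:element></xs:schema>')

def digest(xml_text):
    """Base64 SHA-256 over the canonical form (no schema processing happens here)."""
    canonical = ET.canonicalize(xml_text)
    return base64.b64encode(hashlib.sha256(canonical.encode("utf-8")).digest()).decode()

def build_signed_info(resources):
    """resources: {uri: xml_text}. Returns ds:SignedInfo with one ds:Reference each."""
    si = ET.Element(f"{{{DS}}}SignedInfo")
    ET.SubElement(si, f"{{{DS}}}CanonicalizationMethod", Algorithm=C14N2)
    for uri, text in resources.items():
        ref = ET.SubElement(si, f"{{{DS}}}Reference", URI=uri)
        transforms = ET.SubElement(ref, f"{{{DS}}}Transforms")
        ET.SubElement(transforms, f"{{{DS}}}Transform", Algorithm=C14N2)
        ET.SubElement(ref, f"{{{DS}}}DigestMethod", Algorithm=SHA256)
        ET.SubElement(ref, f"{{{DS}}}DigestValue").text = digest(text)
    return si

def failed_references(signed_info, resources):
    """Reference validation: URIs whose current digest differs from the signed one."""
    bad = []
    for ref in signed_info.iter(f"{{{DS}}}Reference"):
        uri = ref.get("URI")
        signed = ref.findtext(f"{{{DS}}}DigestValue")
        if uri not in resources or digest(resources[uri]) != signed:
            bad.append(uri)
    return bad
```

Changing `default="EUR"` in the schema leaves the `order.xml` digest intact but makes `failed_references` report `order.xsd`, which is the binding the reply describes.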
