
Re: Schema centric canonicalization - Need and status

From: Anders Rundgren <anders.rundgren@telia.com>
Date: Wed, 16 Nov 2005 17:01:25 +0100 (MET)
Message-ID: <9922054.1132156885392.JavaMail.tomcat@pne-ps4-sn2>
To: mikemci@us.ibm.com
Cc: w3c-ietf-xmldsig@w3.org, w3c-ietf-xmldsig-request@w3.org

It is not binding to the schema that is the problem.  It is *using* 
the schema in the canonicalization process.  This is AFAIK currently 
not supported by XML DSig standards.

Well, you may use a reduced schema that does not alter instance data 
after validation.


----Original Message----
From: mikemci@us.ibm.com
Date: Nov 16, 2005 4:30:36 PM
To: Josseline <anders.rundgren@telia.com>
Cc: w3c-ietf-xmldsig@w3.org, w3c-ietf-xmldsig-request@w3.org
Subj: Re: Schema centric canonicalization - Need and status

Why not just provide a single ds:Signature using standard 
with one ds:Reference to the XML document and one ds:Reference to the 
Schema document?
Binds the document to the schema and therefore the schema provided 

Josseline <anders.rundgren@telia.com> 
Sent by: w3c-ietf-xmldsig-request@w3.org
11/16/2005 10:17 AM
Please respond to


Schema centric canonicalization - Need and status

I'm working with a standard for "Web Signing" [*].  In this work XML 
Schemas have been used extensively and together with XML DSig.

However, it seems that not even exclusive canonicalization is really 
fit for the task as it is not designed for schema-defined instance 
documents.  At least default attributes seem to break the current 
canonicalization algorithms.

Essentially I have two options.  Cripple schemas or invent a new 

None of these alternatives appear very tempting but I'm leaning 
towards the latter as the "patch" needed is fairly small.


Anders Rundgren

*] The ability to in a browser sign a transaction request or a static 
document, presented by a service provider.
Received on Wednesday, 16 November 2005 16:23:27 UTC
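
The default-attribute problem raised in this thread, as an added example that is not part of the original messages: a signer digests the canonical form of the raw instance, while a schema-validating verifier sees an infoset with defaulted attributes filled in, so the digests diverge unless a "reduced schema" without defaults is used. Assumptions: the `*_DEFAULTS` dictionaries are a hypothetical stand-in for XSD attribute defaults, the sample instance is constructed, and Python's built-in C14N 2.0 with SHA-256 stands in for the canonicalization and digest algorithms an XML DSig implementation would use.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample instance: 'currency' is omitted and left to the schema default.
INSTANCE = '<order id="42"><amount>100</amount></order>'

# Hypothetical stand-in for XSD attribute defaults: {element: {attribute: default}}.
FULL_SCHEMA_DEFAULTS = {"amount": {"currency": "EUR"}}
REDUCED_SCHEMA_DEFAULTS = {}  # "reduced schema": declares no defaults


def validated_infoset(xml_text, defaults):
    """Serialize the tree as a schema-aware parser would expose it,
    i.e. with absent attributes replaced by their declared defaults."""
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        for name, value in defaults.get(elem.tag, {}).items():
            if name not in elem.attrib:
                elem.set(name, value)
    return ET.tostring(root, encoding="unicode")


def canonical(xml_text):
    """Canonical form of the document (C14N 2.0 from the standard library)."""
    return ET.canonicalize(xml_data=xml_text)


def c14n_digest(xml_text):
    """Digest over the canonical octets, as a ds:Reference would carry."""
    return hashlib.sha256(canonical(xml_text).encode("utf-8")).hexdigest()


def digests_match(xml_text, defaults):
    """Compare the signer's digest (raw instance) with the digest a verifier
    computes after schema validation has augmented the instance."""
    signed = c14n_digest(xml_text)
    verified = c14n_digest(validated_infoset(xml_text, defaults))
    return signed == verified


if __name__ == "__main__":
    print("signer sees:  ", canonical(INSTANCE))
    print("verifier sees:", canonical(validated_infoset(INSTANCE, FULL_SCHEMA_DEFAULTS)))
    print("full schema, digests match:   ", digests_match(INSTANCE, FULL_SCHEMA_DEFAULTS))
    print("reduced schema, digests match:", digests_match(INSTANCE, REDUCED_SCHEMA_DEFAULTS))
```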
