- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Sat, 13 Jun 2009 10:12:15 +0200
- To: "John Keeping" <john@metanate.com>, <w3c-ietf-xmldsig@w3.org>
Hi John,

I'm not an authority on XML Dsig, but if the schema's base64 type implies (as you write) that white space is collapsed, the problem seems to be that the generator doesn't honor the declaration.

Regarding schema validation and XML Dsig, there are numerous problems, most notably attribute defaults that essentially are useless in signed data, unless the signature generator is also required to interpret the schema, which I believe is fairly little supported in existing APIs.

From a practical point of view I would recommend avoiding constructs that depend on schema-aware signature validation, but ban generators that don't follow the schema.

Cheers,
Anders Rundgren

----- Original Message -----
From: "John Keeping" <john@metanate.com>
To: <w3c-ietf-xmldsig@w3.org>
Sent: Friday, June 12, 2009 19:57
Subject: Clarification of expected behaviour in the presence of schema validation information

Hi,

We've recently implemented XML digital signature support for an XML format with an associated schema which defines an element as type xs:base64Binary. This implies that white space in the element's content is to be collapsed. Indeed, when reading in the XML file, Xerces-C generates a DOM tree in which new lines in the content have been collapsed to single spaces. However, the digest has been calculated over text content containing the new lines.

Given that both applications have the schema available to them, what would you expect the behaviour to be in this case? As far as I can see there are three possibilities:

1. The generating application collapses white space in its output in order to be compatible with both a receiving application which has the schema and one which does not
2. The receiving application ignores the white space directive from the schema
3. The generating application adds an explicit xml:space="collapse" attribute to the element

Thanks,
John

--
John Keeping
Metanate Ltd
www.metanate.com (Software consultancy)
www.schemus.com (Data synchronisation)
Received on Saturday, 13 June 2009 08:12:57 UTC
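
The mismatch discussed in this thread, reproduced as an added example that is not part of the original messages or of any implementation mentioned in them. The element names `doc` and `blob`, the SHA-256 digest, the constructed payload, and the use of the Python standard library's C14N 2.0 as a stand-in canonicalization are assumptions; the schema-aware parser is simulated by applying the XSD `collapse` rule to the element's text.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

def xsd_collapse(text):
    """XSD whiteSpace="collapse": tab/LF/CR become spaces, runs of spaces
    become one space, leading and trailing spaces are dropped."""
    return re.sub(r" +", " ", re.sub(r"[\t\n\r]", " ", text)).strip(" ")

def digest(xml_text):
    """SHA-256 over the canonical form (C14N 2.0 from the standard library,
    standing in for whichever canonicalization the signature names)."""
    canonical = ET.canonicalize(xml_data=xml_text)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def schema_aware_view(xml_text, tag):
    """Simulate a validating parser: collapse white space in <tag> content."""
    root = ET.fromstring(xml_text)
    for el in root.iter(tag):
        el.text = xsd_collapse(el.text or "")
    return ET.tostring(root, encoding="unicode")

# Constructed sample: 60 payload bytes, base64 wrapped at 40 characters.
PAYLOAD = bytes(range(60))
B64 = base64.b64encode(PAYLOAD).decode("ascii")
WRAPPED = "\n".join(B64[i:i + 40] for i in range(0, len(B64), 40))

def make_doc(content):
    return "<doc><blob>" + content + "</blob></doc>"

def compare(content):
    """Return (digest as generated, digest as seen after schema validation)."""
    doc = make_doc(content)
    return digest(doc), digest(schema_aware_view(doc, "blob"))

if __name__ == "__main__":
    for label, content in (("wrapped", WRAPPED), ("collapsed", xsd_collapse(WRAPPED))):
        signed, seen = compare(content)
        print(label, "match" if signed == seen else "MISMATCH", signed[:16], seen[:16])
```

Canonicalization preserves white space inside text nodes, so the wrapped form verifies only on a receiver that does not apply the schema, while content emitted already collapsed (the first possibility in John's list) digests identically on both.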