Fw: [Bug 4746] clarify SMLIF section 2 signature requirements


> A producer does not need to remove existing signatures.

Are these signatures still valid?

For example, if my model documents are signed using C14N, but the 
documents have to be changed (e.g. to add sml:ref attributes) to be 
packaged in an IF document, wouldn't my signatures all become invalid?

If it's not because of adding sml:ref attributes (the only case we know 
that we have to change packaged documents), I would say packaged documents 
must be C14N-equivalent to the original document. Or if we take the base64 
approach for the DTD issue, we could even say it must be identical to the 
original document, so that all signature algorithms (not only C14N) would 

It's not clear to me which one is less an evil:
- Require IF producers to modify model documents to add defaulted sml:ref 
attribute, and possibly break signatures
- Forbid IF producers from modifying model documents, and live with 
potential inter-op between processors who do or do not use schema to help 
locate sml references.
- Forbid IF producers from modifying model documents, and require 
consumers *not* to use schema to help locate sml references.

Sandy Gao
XML Technologies, IBM Canada
Editor, W3C XML Schema WG
Member, W3C SML WG
(1-905) 413-3255 T/L 313-3255
----- Forwarded by Sandy Gao/Toronto/IBM on 2007-11-07 03:01 PM -----

2007-11-07 01:03 PM

Sandy Gao/Toronto/IBM@IBMCA

[Bug 4746] clarify SMLIF section 2 signature requirements


kumarp@microsoft.com changed:

           What    |Removed                     |Added
             Status|NEW                         |ASSIGNED
           Keywords|needsAgreement              |hasProposal

------- Comment #3 from kumarp@microsoft.com  2007-11-07 18:03 -------
Remove all references to XML canonicalization from the specification.

Reasons / More Info:
I investigated XML signature related issues to propose answers to the 
1.      Should the SML-IF spec define whether a producer must perform XML
canonicalization before writing an SML-IF document?
2.      If documents are already signed, what should an SML-IF producer do 
the signatures if the producer wants to sign the entire document as well? 
is, should the producer strip the existing signature(s) before adding 
to SML-IF?

The XML signature spec defines a customizable and extensible method for 
XML and non-XML content. A digital signature can be embedded in the signed
document (there are 2 sub-flavors: enveloped / enveloping) or it can be
detached from the signed document. The Signature element contains a single
signature over one or more data objects. Each data object to be signed is
represented using a single Reference element (this should not be confused 
SML reference element). Each Reference element allows zero or more
transformations over original data before the digital signature is 
The XML canonicalization is just one such possible transform. A transform 
omit parts of the original data or add new one. There is no restriction on 
type or number of transforms that an application may use. One 
algorithm removes comments. One other form preserves comments. Each 
must be free to use the transforms that best fit its needs. The SML WG 
predict specific requirements for all applications based on SML therefore 
must not impose any restriction involving specific transformation. Note 
this does not harm interop. Regardless of the number and type of
transformations used, both producer and consumer apply them identically 
thus arrive at the same message digest (if there is no tampering).

The XML signature is encoded using XML elements. Even if a document 
already has
an XML signature, it can be safely packaged inside an SML-IF document. 
the SML-IF doc is itself an XML doc, it can be signed like a regular XML 
doc. A
producer does not need to remove existing signatures. Moreover, if it is
desired that existing signatures should not be included in signature
calculation of the SML-IF document, a producer can logically remove the
signatures (by defining appropriate transforms) without having to 
remove the signatures. An application must be free to use either method. 

Some references with relevant info:
1.      http://www.w3.org/TR/2001/REC-xml-c14n-20010315
2.      http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/
4.      http://msdn.microsoft.com/msdnmag/issues/04/11/XMLSignatures/

Received on Wednesday, 7 November 2007 20:28:10 UTC