- From: Ed Simon <edsimon@xmlsec.com>
- Date: Mon, 29 Oct 2007 12:47:51 -0400
- To: <drsecure@us.ibm.com>, <pbaker@verisign.com>
- Cc: <public-xmlsec-maintwg@w3.org>, <public-xmlsec-maintwg-request@w3.org>, <tlr@w3.org>
- Message-ID: <001101c81a4b$7e568d50$6800a8c0@XMLSEC004>
Supplementing what Phill said... One does not have to canonicalize XML references just because they are XML; one only has to canonicalize them if they will be read and rewritten by an intermediate proxy. However, there is still canonicalization for the signature's <SignedInfo> element and canonicalization is necessary for that because, in reading the signature, the validator is sort of a proxy.

Yet because <SignedInfo> is part of the XML Signature specification, we can create our own namespace-specific canonicalization that is: a) specialized for our purposes; b) easy to implement; and c) highly performant. By "specialized for our purposes", I specifically mean that in the v2.0 we remove the <SignedInfo>/<CanonicalizationMethod> and define a byte-by-byte syntax of what <SignedInfo> is from a validator's perspective -- the key goal being to minimize the variability and complex functionality that makes general canonicalization so resource-consuming (and, in my view, ultimately unnecessary).

I will discuss this more in my presentation.

Ed

_____________________________
Ed Simon <edsimon@xmlsec.com>
Principal, XMLsec Inc.
(613) 726-9645

Interested in XML, Web Services, or Security? Visit <http://www.xmlsec.com/>.

New! "Privacy Protection for E-Services" published by Idea Group (ISBN: 1-59140-914-4 for hard cover, 1-59140-915-2 for soft cover). Includes a chapter, by Ed Simon, on "Protecting Privacy Using XML, XACML, and SAML". See the Table of Contents here: <http://tinyurl.com/rukr4>.
_____

From: public-xmlsec-maintwg-request@w3.org [mailto:public-xmlsec-maintwg-request@w3.org] On Behalf Of Anthony Nadalin
Sent: October 29, 2007 11:59
To: Hallam-Baker, Phillip
Cc: public-xmlsec-maintwg@w3.org; public-xmlsec-maintwg-request@w3.org; Thomas Roessler
Subject: RE: Initial thoughts on chartering

So I think there are cases where C14N is not needed at all (as you point out) and there are cases where we can limit this to the sender and eliminate from the receiver. So I would like to see these topics on the charter discussions.

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122

From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
To: Anthony Nadalin/Austin/IBM@IBMUS, "Thomas Roessler" <tlr@w3.org>
Cc: <public-xmlsec-maintwg@w3.org>, <public-xmlsec-maintwg-request@w3.org>
Date: 10/29/2007 10:34 AM
Subject: RE: Initial thoughts on chartering

How little canonicalization do you want to do?

If we have a signature that is a referenced document that just happens to be XML encoded there is absolutely no need for c14n. If we have a signature that is wrapped around the signed object the process is slightly trickier; if the signature is inside the signed object it's harder still.

I certainly agree that there are many cases where c14n is unnecessary. I suspect however that to make it work well in the last two cases we will have to specify the enveloping mechanism more tightly than we do with XSL transformations and the like.
_____

From: public-xmlsec-maintwg-request@w3.org on behalf of Anthony Nadalin
Sent: Mon 29/10/2007 9:36 AM
To: Thomas Roessler
Cc: public-xmlsec-maintwg@w3.org; public-xmlsec-maintwg-request@w3.org
Subject: Re: Initial thoughts on chartering

So one item missing from the list is ways not to have to use C14N (of any type).

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122

From: Thomas Roessler <tlr@w3.org>
To: public-xmlsec-maintwg@w3.org
Date: 10/29/2007 08:21 AM
Subject: Initial thoughts on chartering

As a reminder, some initial thoughts on chartering of follow-up work are here:

<http://www.w3.org/2007/xmlsec/wiki/charter>

This is mostly an initial list of tasks. It would be useful to have this reviewed in time for the call tomorrow, as this document is on the agenda for it.

Regards,
--
Thomas Roessler, W3C <tlr@w3.org>
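An added illustration of the thread's two points (not code from the list or from any W3C specification): a referenced document that travels byte-for-byte needs no C14N, since a plain digest over its bytes suffices, while <SignedInfo> is re-read by the validator, so two toolkits' serializations of the same content digest differently unless they are first reduced to one fixed byte syntax. The `restricted_serialize` function below is a hypothetical, deliberately narrow byte syntax for the dsig-namespace elements of <SignedInfo> only, in the spirit of Ed's proposal; the two SignedInfo strings are constructed samples.

```python
"""Raw digest vs. a restricted, schema-specific serialization of SignedInfo."""
import hashlib
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: the same SignedInfo as two toolkits might emit it
# (different prefix, whitespace, quoting and empty-element style).
SIGNED_INFO_A = b"""<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
  <ds:Reference URI="#body">
    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    <ds:DigestValue>AAECAwQFBgcICQoLDA0ODw==</ds:DigestValue>
  </ds:Reference>
</ds:SignedInfo>"""

SIGNED_INFO_B = (b'<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">'
                 b"<SignatureMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'>"
                 b"</SignatureMethod><Reference URI='#body'>"
                 b"<DigestMethod Algorithm='http://www.w3.org/2001/04/xmlenc#sha256'/>"
                 b"<DigestValue>AAECAwQFBgcICQoLDA0ODw==</DigestValue></Reference></SignedInfo>")


def raw_digest(data: bytes) -> str:
    """What a validator can do for a reference delivered byte-for-byte: no C14N."""
    return hashlib.sha256(data).hexdigest()


def _esc(s: str) -> str:
    return escape(s, {'"': "&quot;"})


def restricted_serialize(data: bytes) -> bytes:
    """Hypothetical fixed byte syntax for SignedInfo (not the spec's): fixed 'ds'
    prefix, namespace declared once on the root, attributes sorted by name,
    double quotes, no inter-element whitespace, text stripped, no foreign elements."""
    def walk(el, root: bool) -> str:
        if not el.tag.startswith("{" + DS + "}"):
            raise ValueError("non-dsig element inside SignedInfo: " + el.tag)
        name = "ds:" + el.tag[len(DS) + 2:]
        attrs = "".join(f' {k}="{_esc(v)}"' for k, v in sorted(el.attrib.items()))
        if root:
            attrs = f' xmlns:ds="{DS}"' + attrs
        inner = _esc((el.text or "").strip()) + "".join(walk(c, False) for c in el)
        return f"<{name}{attrs}>{inner}</{name}>"
    return walk(ET.fromstring(data), True).encode()


def restricted_digest(data: bytes) -> str:
    """Digest over the fixed byte form; equal for both samples."""
    return raw_digest(restricted_serialize(data))
```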
Received on Monday, 29 October 2007 16:44:57 UTC