Re: Some strawman ideas for a minimum DSig profile from Thomas Roessler on 2008-08-12 (public-xmlsec@w3.org from August 2008)

From: Thomas Roessler <tlr@w3.org>
Date: Tue, 12 Aug 2008 17:23:53 +0200
To: Kelvin Yiu <kelviny@exchange.microsoft.com>
Cc: "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Message-ID: <20080812152353.GC383@iCoaster.does-not-exist.org>

some technicalities...

On 2008-08-11 14:06:21 -0700, Kelvin Yiu wrote:

>   <?xml version="1.0" encoding="utf-8"?>
>   <?xml-min-dsig version="1.0"?>
>   <k:Root xmlns:k="http://www.example.com/2008/08/k#"
>       xmlns:xml="http://www.w3.org/XML/1998/namespace">
>     <?xml-min-dsig
>         URI="#k1"
>         ref-id="Sig1Ref1"

Any reason to not make ref-id a URI reference?

>         digest-algorithm="http://www.w3.org/2001/04/xmlenc#sha256"?>
>     <k:Node1 xml:id="k1" xmlns:k="http://www.example.com/2008/08/k#"
>         xmlns:xml="http://www.w3.org/XML/1998/namespace">
>       <k:Text>sample text</k:Text>
>     </k:Node1>
>     <k:Node1 xml:id="k2">
>       <k:Text>More sample text</k:Text>
>     </k:Node1>
>     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>       <?xml-min-dsig
>           digest-algorithm="http://www.w3.org/2001/04/xmlenc#sha256"?>
>       <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>         <ds:CanonicalizationMethod
>             Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
>         <ds:SignatureMethod
>             Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
>         <ds:Reference URI="#k1" Id="Sig1Ref1">
>           <ds:Transforms>
>             <ds:Transform
>                 Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
>           </ds:Transforms>
>           <ds:DigestMethod
>               Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>           <ds:DigestValue>...</ds:DigestValue>
>         </ds:Reference>
>       </ds:SignedInfo>
>       <ds:SignatureValue>...</ds:SignatureValue>
>       <ds:KeyInfo>...</ds:KeyInfo>
>     </ds:Signature>
>   </k:Root>

...

>   <?xml version="1.0" encoding="utf-8"?>
>   <?xml-min-dsig version="1.0"?>
>   <k:Root xmlns:k="http://www.example.com/2008/08/k#"
>       xmlns:xml="http://www.w3.org/XML/1998/namespace">
>     <?xml-min-dsig
>         URI="#k1"
>         ref-id="Sig1Ref1"
>         digest-algorithm="http://www.w3.org/2001/04/xmlenc#sha256"?>
>     <k:Node1 xml:id="k1">
>       <k:Text>sample text</k:Text>
>     </k:Node1>
>     <k:Node1 xml:id="k2">
>       <k:Text>More sample text</k:Text>
>     </k:Node1>
>     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>       <?xml-min-dsig
>           digest-algorithm="http://www.w3.org/2001/04/xmlenc#sha256"?>
>       <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>         <ds:CanonicalizationMethod Algorithm=""/>

An empty URI reference is a reference to the current document, so
the Algorithm attribute's value here isn't really an empty string.

>         <ds:SignatureMethod
>             Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
>         <ds:Reference URI="#k1" Id="Sig1Ref1">
>           <ds:DigestMethod
>             Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>           <ds:DigestValue>...</ds:DigestValue>
>         </ds:Reference>
>       </ds:SignedInfo>
>       <ds:SignatureValue>...</ds:SignatureValue>
>       <ds:KeyInfo>...</ds:KeyInfo>
>     </ds:Signature>
>   </k:Root>
> 
> 
> Thoughts?
> 
> Kelvin and Brian
> 
> 
> Sample disclaimer text
> 
> 
> 

-- 
Thomas Roessler, W3C  <tlr@w3.org>

Received on Tuesday, 12 August 2008 15:24:27 UTC