- From: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>
- Date: Wed, 01 Oct 2008 02:47:54 +0200
- To: public-xmlsec@w3.org
- Message-ID: <48E2C8BA.9030706@iaik.tugraz.at>
Dear all,

This is following up on the discussions minuted in
http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0004.html
and on the last two calls.

My recollection was: the discussion first surrounded streaming XPath implementations and transformations, robustness of signatures, and interoperability of custom transforms. (Please let me know if I missed something.)

Let me also rephrase in other words what I said in
http://www.w3.org/2008/09/09-xmlsec-minutes :

> One can either view the dereferenced data object or the digest input
> as the secured data (i.e. the input to the transforms or the output).
>
> "What you see is what you sign" in the current specs, however, favors
> the digest input, as it is as close as possible to the cryptographic
> hashing operation.
>
> There are essentially two (maybe three) big general viewpoints from
> which to look at the chain of transforms:
>
> 1.) It remodels the building of a viewable document from arbitrary
> XML (e.g. XSLT); the secured/signed document is the transient image
> at the end of the chain of transforms, which ideally would hash the
> actual screen, but is pleased with the digest input.
>
> The expectation of C14N under 1.) is that if different processors
> screwed up little things like line endings and namespaces, C14N is
> supposed to fix this again.
>
> 2.) The chain of transforms is a pure enabler for robustness, and
> here the data of interest is the actual input rather than the
> viewable output; two typical cases are white space normalization
> and, as a subcase, subdocument selection. Idempotency of transforms
> would allow, for this case, viewing the input to the chain of
> transforms as equal to the output, as you could perform it over and
> over again and after the first processing it would not change any
> more. This assumes that the input document may be changed on signing
> according to the operations performed by the chain of transforms.
>
> The expectation of C14N under 2.), in fact the expectation in 2.)
> altogether, is that the document at the beginning of the chain of
> transforms is in logical and normalized identity with the input.
>
> 3.) The hybrid case of 1.) and 2.) ... but let's skip 3.) for now ...
>
> <fjh> question, does this depend on the extent of what
> canonicalization actually does, e.g. does simplification also enable
> only hashing approach
> <klanz2> pratik: tracing back nodes to the input

For transformation primitives let me focus on 2.) ...

A distinction between selections (they output NodeSetData) and "real" transforms (they return a new Document) is a necessity, especially for 2.) [1]. There are also normalizations that return a new document which, however, is logically still equivalent to the input. Let us for now distinguish normalizations from "real" transforms in that the latter are not idempotent.

Similarly, there is a need to clearly communicate that selections always depend on the underlying document, which is (at least logically) augmented by namespace declarations distributed across the document to reflect the XPath data model. And one has to appreciate that even if a namespace node is not in the output NodeSetData of some selection "transform", it can still be navigated to using the XPath axes. (Actually this is true for every node of the dereferenced or parsed document, the latter in case a previous transform returned OctetStreamData.)

Given all these complexities of the current data model, and looking at XML digital signatures from a user perspective, I think there is a need (or REQUIREMENT) for a set of easy and interoperable transforms (not selections). Such transforms should preferably be idempotent and mutually independent, so that they can be executed in parallel or in any order. I would like to call them, for now, transformation primitives; they should be specified in English text, and their implementation should not depend on some specific data or processing model such as SAX, StAX, XPath or DOM.
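The idempotency property that separates normalizations from "real" transforms can be stated compactly. A minimal sketch (the function names and the base64 counter-example are mine, not from the thread):

```python
import base64
import re

def is_idempotent_on(transform, data) -> bool:
    """A transform behaves as a normalization on `data` iff a second
    application changes nothing: transform(transform(data)) == transform(data)."""
    once = transform(data)
    return transform(once) == once

# Primitive in the spirit of whitespace normalization: idempotent.
collapse_ws = lambda s: re.sub(r"[ \t\r\n]+", " ", s)

# A "real" transform for contrast: base64 encoding is not idempotent.
b64 = lambda s: base64.b64encode(s.encode()).decode()

print(is_idempotent_on(collapse_ws, "a  b\n\tc"))  # True
print(is_idempotent_on(b64, "abc"))                # False
```

The mutual-independence requirement is checkable in the same style: for two primitives f and g, f(g(x)) should equal g(f(x)), which is what permits executing them in parallel or in any order.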
They would be required to be followed by another transformation primitive (no more selections) and eventually minimal canonicalization. Transformation primitives could alternatively/preferably become a substantial part of some form of C14N vNext. Yet they would still be valuable as an agreed interoperable set of ds:Transforms for legacy XMLDSig (second edition).

Some quickly drafted examples of such transformation primitives could be:

a) some sort of minimal canonicalization as defined in RFC 4051 [2] ...

b) normalization of namespace prefixes, implying that they are not of significance to the data object and that it does not contain QNames in content referred to by this ds:Reference. Hence this ds:Transform specifies a numbering scheme for namespace prefixes with some NCName [3] parameter P, so that prefixes are replaced by concat(P,'1') ... concat(P,'n') and so on. The transformation MUST by default throw an error on the discovery of the string concat(P,x,':') in attribute values or outside tags, where x is a decimal integer ...

c) normalization of multiple successive whitespace characters, implying that they are not of significance to the referenced data object and are replaced by a single white space character, ...
   1) appreciating the usually line-based processing of text formats, line breaks are added/normalized after each start and end TAG,
   2) or alternatively the indentation algorithm XYZ is applied ...
   multiple/contradicting usage of c) is prohibited ...

d) sorting of attributes

e) a non-XPath-Filter based version of the enveloped signature transform

f) and the like ...

So if one would apply those to the referenced document itself (by actually changing it), then the processing of the transforms, despite some serialization, could be omitted on verification, as those transforms are idempotent. In case verification fails, the transformations may be executed again, assuming an allowed change has happened. If it fails again, it fails overall.
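The verification shortcut described above can be sketched as follows. This is a hedged sketch, not a spec: SHA-256 stands in for the reference digest algorithm, a whitespace-collapsing primitive stands in for c), and all names are mine:

```python
import hashlib
import re

# Stand-in for primitive c): collapse whitespace runs to a single space.
collapse_ws = lambda data: re.sub(rb"[ \t\r\n]+", b" ", data)

def apply_primitives(data: bytes, primitives) -> bytes:
    # The primitives are assumed idempotent, so re-running them is harmless.
    for p in primitives:
        data = p(data)
    return data

def verify(data: bytes, expected_digest: bytes, primitives) -> bool:
    """If the signer already applied the primitives to the document itself,
    the direct digest matches and transform processing can be omitted.
    On a mismatch, run the primitives once (an allowed change may have
    happened) and retry; a second failure fails overall."""
    if hashlib.sha256(data).digest() == expected_digest:
        return True
    renormalized = apply_primitives(data, primitives)
    return hashlib.sha256(renormalized).digest() == expected_digest

signed = apply_primitives(b"a  b", [collapse_ws])  # signer changes the document
digest = hashlib.sha256(signed).digest()
print(verify(signed, digest, [collapse_ws]))       # True, fast path, no transforms
print(verify(b"a \t b", digest, [collapse_ws]))    # True, after re-normalizing
print(verify(b"a  c", digest, [collapse_ws]))      # False, fails overall
```

The fast path is exactly the payoff claimed above: when the signer normalized in place, verification degenerates to a plain digest comparison.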
We should hence further revise the paradigm of not changing the dereferenced/parsed document. This seems to be easy for documents external to the signature, as they will be dereferenced, so to say, by value (a copy is obtained/downloaded), whereas same-document references tend to be processed by "reference", especially as embedding an enveloped signature can only be performed in place.

I hope this makes sense,
best regards
Konrad

[1] ... previously mentioned in discussions in Boston
    http://www.w3.org/2007/05/02-xmlsec-minutes.html#action05 and by Pratik
[2] http://tools.ietf.org/html/rfc4051#section-2.4
    http://tools.ietf.org/html/rfc3075#section-6.5.1
[3] http://www.w3.org/TR/REC-xml-names/#NT-Prefix

-- 
Konrad Lanz, IAIK/SIC - Graz University of Technology
Inffeldgasse 16a, 8010 Graz, Austria
Tel: +43 316 873 5547
Fax: +43 316 873 5520
https://www.iaik.tugraz.at/aboutus/people/lanz
http://jce.iaik.tugraz.at

Certificate chain (including the EuroPKI root certificate):
https://europki.iaik.at/ca/europki-at/cert_download.htm
Received on Wednesday, 1 October 2008 00:48:39 UTC