Re: RetrievalMethod from Joseph M. Reagle Jr. on 2001-01-29 (w3c-ietf-xmldsig@w3.org from January to March 2001)

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Mon, 29 Jan 2001 18:24:36 -0500
To: TAMURA Kent <kent@trl.ibm.co.jp>
Cc: w3c-ietf-xmldsig@w3.org
Message-Id: <4.3.2.7.2.20010129181347.00b18290@rpcp.mit.edu>

At 13:47 1/29/2001 +0900, TAMURA Kent wrote:
>My question was bad.  I understand a resultant octet stream is a
>raw X509 certificate if Type attribute is
>"http://....#rawX509Certificate".  For "...#X509Data",
>"...#PGPData", "...#SPKIData" and "...#MgmtData", the
>specification does not mention what is the content type of the
>resultant octet stream.  Is it an XML instance?

Ah. They are octets representing an XML element. If an XPath expression was 
used, the application will have to serialize the node set:
>Note, if the result of dereferencing and transforming the specified URI is 
>a node set, then it may need to be canonicalized. All of the KeyInfo types 
>defined by this specification (section 4.4) represent octets, consequently 
>the Signature application is expected to attempt to canonicalize the 
>nodeset via the The Reference Processing Model (section 4.3.3.2)
>http://www.w3.org/Signature/Drafts/xmldsig-core/Overview.html#sec-RetrievalMethod

There's also the question of what is the actual XML? Is it a KeyInfo 
element, or one of its children? Since the RetrievalMethod is modelled on 
the Reference, the Reference states:
>The Type attribute applies to the item being pointed at, not its contents. 
>For example, a reference that identifies an Object element containing a 
>SignatureProperties element is still of type #Object.
>http://www.w3.org/Signature/Drafts/xmldsig-core/Overview.html#sec-URI

So in this instance, since we don't even provide a KeyInfo URI (are you 
suggesting we should?), the dereferenced content will have to be an instance 
of one of the following:

http://www.w3.org/2000/09/xmldsig#X509Data
http://www.w3.org/2000/09/xmldsig#PGPData
http://www.w3.org/2000/09/xmldsig#SPKIData
http://www.w3.org/2000/09/xmldsig#MgmtData
http://www.w3.org/2000/09/xmldsig#rawX509Certificate

Does this answer the question, and if so should we make this more clear in 
the RetrievalMethod section?



__
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Monday, 29 January 2001 18:25:02 UTC