- From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
- Date: Mon, 12 Feb 2001 09:27:34 -0500
- To: "XML DSig" <xmldsig@hotmail.com>
- cc: w3c-ietf-xmldsig@w3.org
From: "XML DSig" <xmldsig@hotmail.com> X-Originating-IP: [196.1.104.84] To: w3c-ietf-xmldsig@w3.org Date: Mon, 12 Feb 2001 10:46:31 +0530 Message-ID: <F1816Cw9fClNfnXafBZ00009606@hotmail.com> >Hi: > >In the signed XML documents such as this: >----------------- ><?xml version='1.0' encoding='UTF-8'?> ><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> > <SignedInfo> > <CanonicalizationMethod >Algorithm="http://www.w3.org/TR/2000/WD-xml-c14n-20000119"/> > <SignatureMethod >Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> > <Reference URI="file:///E:/Code/XSS4JPoC/SimpleSigningPoC/personal.xml"> > <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> > <DigestValue>sNiXgt6+NHWnE+Mwn+ZZfoPPEwE=</DigestValue> > </Reference> > </SignedInfo> > <SignatureValue> > bO6TFCw+JLYDwbrMYFxW+CeJBZlDotPuDXbMu4d+Jz6tmANuGzxtAw== > </SignatureValue> > <KeyInfo> > <KeyValue> > <DSAKeyValue> > >----------------- >[using IBM XSS4J] > >we find there are URI's mentioned corresponding to the algorithm. > >I would like to know > >1) What do these URI's correspond to and what do the mean in the real life >implementation scenario ? Algorithm identifying URIs correspond to algorithms. This standard isn't about "meaning". What do you mean when you ask what they "mean"? Those specified in the XML DSIG document refer to the algorithms given. Other URIs can correspond to the same or different algorithms. Things are currently set up so that if you dereferenced them, you get to human readable English text. >2) Is it appropriate to interpret the URI's as "keys" whose values >correspond to java "class" which is the implementation of the actual >algorithm ? From another point of view, these URIs are just character strings that happen to meet the URI syntax constraints. As such, if you felt like using them as some sort of index or key into some table in some implementation, I don't see why you shouldn't. I don't off hand know what syntax constraints there are on java class names. >3) There seems to be no reference to the XML Schema / DTD in the document, >so how does one validate it ? The signature Schema and DTD are referenced from the XML-Signature Syntax and Processing document if you want to use them as part of a rule driven syntax check. A validating parser is not required. (Note: The word "valid" is used in the standard for signature validity, not XML validity.) >4) There is a reference to the XMLDSIG namespace, should the recipient >application expect to find the XMLSchema corresponding to the XML Signed >document at the given URI ? Why haven't you simply tried dereferencing it? All this stuff is currenlty set up to get you to the English human readable XML-Signature Syntax and Processing document. Donald >I would appreciate if some members of the list would share their insight on >this. > >Thanks in advance. > >-XMLDSig.
Received on Monday, 12 February 2001 09:27:43 UTC