RE: Base64

Merlin,

> Hi Gregor,
>
> As far as I (possibly we) understand it, schema-normalized values are
> *not* exposed as part of the standard XML infoset (and thus probably
> not DOM), but as part of the post schema-validation infoset, which is
> an augmentation, not a replacement, of the XML infoset.
>
> So, any canonical form for base64 should not affect signature processing.

As far as I know you are using Xerces as parser for your toolkit. How do
you deal with the related behaviour of Xerces? Xerces does not provide
an interface for "exposing the post-schema validation infoset , beyond
that provided by DOM or SAX;".

So this means that if I turn on validating parsing in Xerces I get a DOM
document with schema-normalized base64Binary values. It seems that Xerces
does this validation not on all types. For instance, no normalization is
done for an integer type. Currently I have not found a way to avoid this
behaviour.

> Also, there is a proposal that schema validation be an *explicit*
> transform, so the possibility of sender/recipient schema validation
> conflict (defaulted values) may be reduced. Of course, this won't
> really help in the case of same-document references.

As you state, this does help neither for same-document references nor for
getting the octets that form the input of cryptographic signature
validation.

BTW, Merlin: I have not able to send you email to merlin@baltimore.ie in
the last couple of days, since I always get back an unknown user error
from the baltimere.ie postmaster.

Liebe Gruesse/Regards,
---------------------------------------------------------------
DI Gregor Karlinger
mailto:gregor.karlinger@iaik.at
http://www.iaik.at
Phone +43 316 873 5541
Institute for Applied Information Processing and Communications
Austria
---------------------------------------------------------------