RE: Question on canonicalization and namespaces from Spielman, Terence on 2002-06-10 (w3c-ietf-xmldsig@w3.org from April to June 2002)

From: Spielman, Terence <TSpielma@inovant.com>
Date: Mon, 10 Jun 2002 08:29:04 -0700
To: "'w3c-ietf-xmldsig@w3.org'" <w3c-ietf-xmldsig@w3.org>
Cc: "'reagle@w3.org'" <reagle@w3.org>
Message-Id: <A38C0F5A6E195C48AC2C93BEC33EF83D54FC87@sw745x043.visa.com>

Thank you for the reply.

If anyone could quickly answer the following yes/no questions as
well, I would appreciate it.  Based on my readings of the specs
(XML, Namespaces, XMLDSIG), my answers are in square brackets.

1) Is it required that the Signature element have a namespace
   node with a value of "http://www.w3.org/2000/09/xmldsig#"?
   [No if the XML need only be well-formed and Yes otherwise]

2) Does this namespace attribute have to be declared in the
   Signature element itself?
   [No, it can be declared higher in the DOM, see example 3]

3) Is it possible to declare a non-default namespace node for
   the xmldsig elements prior to the Signature element?
   [Yes, the following is legal]
   e.g.
   <SomeElement xmlns="http://foo.com/#bar"
		xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
   ....
     <dsig:Signature>
       <dsig:SignedInfo>
       ...
       </dsig:SignedInfo>
      </dsig:Signature>
    ...
    </SomeElement>

Thanks!
Terence

> -----Original Message-----
> From: Joseph Reagle [mailto:reagle@w3.org]
> Sent: Thursday, June 06, 2002 4:07 PM
> To: Spielman, Terence
> Cc: 'w3c-ietf-xmldsig@w3.org'
> Subject: Re: Question on canonicalization and namespaces
> 
> 
> On Thursday 06 June 2002 10:37 am, Spielman, Terence wrote:
> > "Yes, the namespace attribute is present in the serialized 
> version of 
> > the SignedInfo".
> 
> http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/#sec-Canon
icalizationMethod
4.3.1 The CanonicalizationMethod Element
...
 The way in which the SignedInfo element is presented to the
   canonicalization method is dependent on that method. The following
   applies to algorithms which process XML as nodes or characters:
     * XML based canonicalization implementations MUST be provided with a
       [XPath] node-set originally formed from the document
       containing the SignedInfo and currently indicating the SignedInfo,
       its descendants, and the attribute and namespace nodes of
       SignedInfo and its descendant elements.
     * Text based canonicalization algorithms (such as CRLF and charset
       normalization) should be provided with the UTF-8 octets that
       represent the well-formed SignedInfo element, from the first
       character to the last character of the XML representation,
       inclusive. This includes the entire text of the start and end tags
       of the SignedInfo element as well as all descendant [187]markup
       and character data (i.e., the text) between those tags. Use
       of text based canonicalization of SignedInfo is NOT RECOMMENDED.

Received on Monday, 10 June 2002 11:29:12 UTC