Re: SOAP Message Canonicalization from Joseph Reagle on 2003-01-10 (w3c-ietf-xmldsig@w3.org from January to March 2003)

From: Joseph Reagle <reagle@w3.org>
Date: Fri, 10 Jan 2003 11:12:48 -0500
To: Marc Hadley <marc.hadley@sun.com>
Cc: dee3@torque.pothole.com, w3c-xml-protocol-wg@w3.org, Martin Gudgin <mgudgin@microsoft.com>, w3c-ietf-xmldsig@w3.org
Message-Id: <200301101112.48441.reagle@w3.org>

On Friday 10 January 2003 10:55, Marc Hadley wrote:
> > <Reference
> >  URI="http://example.com/foo.html">
> >   <Transforms>
> >     <Transform Algorithm="http://www.w3.org/2002/11/sm-c14n"/>
> >     <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> >   </Transforms>
>
> Would there be any value in specifying both a distinct transform and a
> canonicalization algorithm ?

This is what I did above... Oh, there's probably a terminology issue 
involved? A canonicalization algorithm *is* a transform. It's a transform 
that's understood to create a canonical form without incidental variances 
(under some applications definition of "incidental"); these particular 
types of transforms can be applied against SignedInfo as well -- while 
generic multi-step transform processes can't. So with this said, what 
exactly did you mean?

> > 3. Just curious, but how much of a demand was for these application
> > variances, particularly "0" and "false." (Would seem easier just to
> > choose
> > one from the outset...?)
>
> IIRC, the working group wanted to use the standard simple schema types
> where possible. Even if this were fixed we would still have to
> normalize 'defaulted' attribute values, processing instructions and
> whitespace.

But, if I understand correctly, you don't want to require schema validation? 
(Otherwise, SchemaCentic c14n might be worth consideration?
  http://www.uddi.org/pubs/SchemaCentricCanonicalization-20020710.htm
)

> > http://www.w3.org/2002/07/xml-exc-c14n-errata#E02
> > E02 2002-10-03 (Error)
> > In section 4 Use in XML Security, the data type of the PrefixList
> > attribute
> > value is specified as NMTOKENS in both the DTD and Schema. This does
> > not
> > permit the occurrence of the '#default' token in the attribute value
> > because of the "#" character. Consequently, the type of this attribute
> > value should be CDATA in a DTD and/or xsd:string in a XML Schema.
>
> Thanks for pointing that out. I don't think the errata results in any
> changes being required though or did I miss something ?

No, just a heads up that if you include the DTD/schema within one of your 
own, you should use the corrected version.

Received on Friday, 10 January 2003 11:13:02 UTC