Re: SOAP Message Canonicalization - New Version from Marc Hadley on 2003-01-24 (w3c-ietf-xmldsig@w3.org from January to March 2003)

From: Marc Hadley <Marc.Hadley@Sun.COM>
Date: Fri, 24 Jan 2003 15:44:03 -0500
To: Joseph Reagle <reagle@w3.org>
Cc: Rich Salz <rsalz@datapower.com>, w3c-ietf-xmldsig@w3.org, w3c-xml-protocol-wg@w3.org, Martin Gudgin <mgudgin@microsoft.com>
Message-id: <9304D537-2FDC-11D7-91E8-0003937568DC@sun.com>

On Friday, Jan 24, 2003, at 12:32 US/Eastern, Joseph Reagle wrote:
>> SOAP Message Canonicalization may be used as a Transform
>> algorithm in XML Digital Signature [XML DSig] and XML Encryption [XML  
>> Enc].
>
> Encryption really doesn't have a transform mechanism of its own that  
> would
> use this transform. xenc is integrated with xmldsig via xmldsig's  
> transform
> mechanism; and it has it's own for obtaining remote ciphertext (via
> CipherReference: e.g., plucking the third cipher-block out of some  
> remote
> XML file). Consequently, I'd probably drop the reference to XENC here.
>
OK, will do.

>> It may be used in conjunction with other Transform algorithms and
>> with a CanonicalizationMethod including XML Canonicalization [XML  
>> C14N]
>> and Exclusive XML Canonicalization [EXCL C14N]
>
> sm-c14n certainly can be used with c14n or exc-c14n as part of a
> dsig:Transform. For example, this mitigates the SOAP variances and then
> exclusive-canonicalizes it.
>
> <Reference URI="http://www.example.com/soap_cache.xml/">
>   <Transforms>
>     <Transform Algorithm="http://www.w3.org/2002/11/sm-c14n"/>
>     <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>   </Transforms>
>
> However, it can't be used in CanonicalizationMethod [1] because
> CanonicalizationMethod  only takes *one* algorithm and applies it to
> SignedInfo so as to yield octets. (sm-c14n requires a partner  
> serialization
> method to yield octets.) Fortunately, we've already noted that we don't
> forsee any circumstances where we'd want to use sm-c14n on SignedInfo.
>
I don't intend to imply that it could be used as a  
CanonicalizationMethod, perhaps the sentence should be reworded as:

"It is always used in conjunction with a CanonicalizationMethod (e.g.  
XML Canonicalization [XML C14N] or Exclusive XML Canonicalization [EXCL  
C14N]) and may also be used in conjunction with other Transform  
algorithms1."

Does that make it clearer ?

> But this does bring me to another question, if sm-c14n doesn't yield  
> any
> octets, which I think is appropriate, perhaps we should call it  
> something
> other than canonicalization, which to date has connoted serialization  
> as
> well. "SOAP Identity Transform" is a awkward but would avoid confusion  
> on
> this note...?
>
Hmmm, I see your point. I was using canonicalization in its broader  
sense. I'd prefer to keep the current name but I could probably live  
with something like "SOAP Message Normalization (soap-n11n)" - I think  
'Identity Transform' could be confusing since it would imply that  
nothing is changed which is true semantically but not lexically.

Regards,
Marc.

> [1]
> http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/#sec- 
> CanonicalizationMethod
>
--
Marc Hadley <marc.hadley@sun.com>
Web Technologies and Standards, Sun Microsystems.

Received on Friday, 24 January 2003 15:43:46 UTC