- From: Michael McIntosh <mikemci@us.ibm.com>
- Date: Sat, 13 Jun 2009 13:09:18 -0400
- To: John Keeping <john@metanate.com>
- Cc: w3c-ietf-xmldsig@w3.org, w3c-ietf-xmldsig-request@w3.org
- Message-ID: <OFEECA5539.7164BB14-ON852575D4.005DF2B3-852575D4.005E3C45@us.ibm.com>
It is my understanding that XML Signature processing is relatively schema unaware (with the exception of needing to know which attributes are Ids). If the nodes being signed have whitespace then the signature will include the whitespace. If you don't want that, remove the whitespace from the element before signing. One relatively simple (but expensive) way is to serialize then deserialize before signing.

Regards,
Mike

From: John Keeping <john@metanate.com>
To: w3c-ietf-xmldsig@w3.org
Date: 06/12/2009 05:05 PM
Subject: Clarification of expected behaviour in the presence of schema validation information

Hi,

We've recently implemented XML digital signature support for an XML format with an associated schema which defines an element as type xs:base64Binary. This implies that white space in the element's content is to be collapsed. Indeed, when reading in the XML file, Xerces-C generates a DOM tree in which new lines in the content have been collapsed to single spaces. However, the digest has been calculated over text content containing the new lines.

Given that both applications have the schema available to them, what would you expect the behaviour to be in this case? As far as I can see there are three possibilities:

1. The generating application collapses white space in its output in order to be compatible with both a receiving application which has the schema and one which does not
2. The receiving application ignores the white space directive from the schema
3. The generating application adds an explicit xml:space="collapse" attribute to the element

Thanks,
John

--
John Keeping
Metanate Ltd
www.metanate.com (Software consultancy)
www.schemus.com (Data synchronisation)
Received on Saturday, 13 June 2009 17:10:07 UTC
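
The digest mismatch discussed in this thread, and the first of the three listed possibilities (the generator collapses white space before signing), shown as an added example that is not code from either poster. Assumptions: Python's ElementTree `canonicalize` (C14N 2.0) stands in for the canonicalization a signature implementation applies, the regex helper `schema_aware_view` is a hypothetical stand-in for a validating parser that collapses the element's content, and the element names and payload are constructed.

```python
import base64
import hashlib
import re
from xml.etree.ElementTree import canonicalize

# Constructed sample: a base64 value wrapped across lines, as a generator might emit it.
PAYLOAD = b"constructed sample payload for the digest comparison"
_B64 = base64.b64encode(PAYLOAD).decode()
WRAPPED = "\n".join(_B64[i:i + 16] for i in range(0, len(_B64), 16))
DOC = f"<Doc><Data>\n{WRAPPED}\n</Data></Doc>"


def collapse(text):
    """XML Schema whiteSpace=collapse: whitespace runs become one space, ends trimmed."""
    return re.sub(r"[ \t\r\n]+", " ", text).strip(" ")


def schema_aware_view(xml):
    """Hypothetical stand-in for a validating parser that collapses <Data> content."""
    return re.sub(r"(<Data>)(.*?)(</Data>)",
                  lambda m: m.group(1) + collapse(m.group(2)) + m.group(3),
                  xml, flags=re.S)


def digest(xml):
    """SHA-256 over the canonical form; canonicalization keeps text whitespace as-is."""
    return hashlib.sha256(canonicalize(xml).encode("utf-8")).hexdigest()


if __name__ == "__main__":
    # Case from the thread: digest taken over the wrapped text, receiver collapses it.
    signed = digest(DOC)
    print("wrapped, schema-unaware receiver verifies:", digest(DOC) == signed)
    print("wrapped, schema-aware receiver verifies:  ",
          digest(schema_aware_view(DOC)) == signed)

    # Possibility 1: collapse before signing, so both kinds of receiver agree.
    pre = schema_aware_view(DOC)
    signed = digest(pre)
    print("collapsed, schema-unaware receiver verifies:", digest(pre) == signed)
    print("collapsed, schema-aware receiver verifies:  ",
          digest(schema_aware_view(pre)) == signed)
```
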