Re: XML Canonicalization Requirements from Richard Himes on 1999-04-01 (w3c-xml-sig-ws@w3.org from March 1999)

From: Richard Himes <rhimes@nmcourt.fed.us>
Date: Wed, 31 Mar 1999 17:20:32 -0700
To: w3c-xml-sig-ws@w3.org
Message-ID: <3702BBD0.1CF17C4E@nmcourt.fed.us>

w3c-xml-sig-ws@w3.org wrote:

> Folks,
>
> I want to draw your attention to the W3C Note [1].
>         http://www.w3.org/TR/NOTE-xml-canonical-req
>
> That WG is looking for direction on the level of semantic depth folks like
> you will want in your signatures. A couple of related questions bouncing
> around from that WG (based on an email from Bert Bos):
>
>   - the XML-namespace draft allows changes in prefixes that namespace-aware
>     applications are supposed to ignore. I think DOM-HASH and other
> processors
>     will have to expand the namespace of every single ns-identifier so as to
> ensure they
>     have a non-ambiguis hash, no?
>

I believe DOMHASH takes care of this by expanding the name (replacing
the ns-identifier with the URI)

>
>   - if a document has a DTD and in the DTD there are fixed or default
>     attributes that don't occur in the instance, do we consider those
>     attributes to be part of the instance or not?

I believe so.  Also, don't we have to worry about substitute strings for
general entities?  These could change the context drastically.

>   - if a document has a DTD that defines "unparsed entities" (links to
>     images and such; yeah, I know people should use Xlink for that,
>     but XML still allows it) then the internal name of the entity is
>     arbitrary. Should it be renamed in the canonical form?

Yes, and I believe DOMHASH handles this.

>   - to what degree should the semantic or surface structure of referenced
>     resources be included in the hash? Where would you come down in
> addressing
>     the old problem (even from PICS days) of what is the semantic scope of a
> resource
>     that links or is composed of other resources?

If I understand the problem, perhaps only canonical external references (but
not the referenced content) should be included in the hash.  However, we
should allow signatures of external resources (e.g. external XLinked elements
or external documents in non-XML formats.)

> _______________________
> Regards,          http://web.mit.edu/reagle/www/
> Joseph Reagle     E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E
> independent research account
>
>   ------------------------------------------------------------
>                     Name: RFC822.TXT
>    RFC822.TXT       Type: Plain Text (text/plain)
>                 Encoding: base64
>              Description:

Rich Himes
<rhimes@nmcourt.fed.us>

Received on Wednesday, 31 March 1999 19:20:45 UTC