Re: Soap Message Canonicalization (SM-C14N)

Mark Hadley writes:

>> There's more to it than that, the proposed rules allow 
>> intermediaries to remove mustUnderstand="true|1", 
>> role=".../ultimateReceiver" attributes for instance. 
>> This is why the C14N transform would be a useful addition
>> to the spec.

Agreed.  IF the protocols WG finally decides to allow such changes, then 
there is some value in a canonical form that accounts for them.  My 
concern was about the much more complex proposal to sort headers based on 
their complete content, etc. 

Even so, I think that most uses of signature will be over >portions< of a 
SOAP message.  Otherwise, we'd be saying that none of the intermediaries 
through which the message passes can do anything interesting to change or 
update the message!  So, I think the other pitfall would be to invest 
design effort in trying to specifically account for the trivial changes 
that intermediaries will make to a message, but to not anticipate the 
useful work that they do.  I suspect that useful signature systems will be 
over application-identified collections of header and/or body entries.

Bottom line:  I think we should carefully articulate the requirements and 
use cases for canonicalization and signatures before we go too far 
debating specific designs.  I'm not against defining a canonicalization 
once we know what the success criteria are.  Thanks!

Noah Mendelsohn                              Voice: 1-617-693-4036
IBM Corporation                                Fax: 1-617-693-8676
One Rogers Street
Cambridge, MA 02142

Received on Tuesday, 19 February 2002 18:11:42 UTC