Re: EXProc proposal: pxp:hmac-sha1 (and pxp:hmac-md5) from mozer on 2010-05-18 (xproc-dev@w3.org from May 2010)

From: mozer <xmlizer@gmail.com>
Date: Tue, 18 May 2010 15:53:52 +0200
To: "Henry S. Thompson" <ht@inf.ed.ac.uk>
Cc: Norman Walsh <ndw@nwalsh.com>, XProc Dev <xproc-dev@w3.org>
Message-ID: <AANLkTilqHZ3VoX880bTzzrsHTeYk8h-Mr98eMz0rsmZU@mail.gmail.com>
The design is a bit awkward here

p:hash usually uses algorithm and version

But here, there are two algorithms acting together (hmac+key and sha-1)
* @combine =hmac
* @algorithm=sha @version=1
* @param(key)= key

We have two strategies here
* a new p:mac (where the algorithm and the key would become parameters as
they are not always used in mac functions)
* p:hash extension

I would probably better go for a p:hash extension for the moment but not the
way it is proposed
* @algorithm=pxp:hmac_sha @version=1
* @param(key)= key

(see the pxp:hmac_sha instead of only pxp:hmac)

My two cents

Xmlizer


On Tue, May 18, 2010 at 2:46 PM, Henry S. Thompson <ht@inf.ed.ac.uk> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Norman Walsh writes:
>
> > FWIW, I've already implemented HMAC SHA1 as an extension to p:hash. Or
> > rather, Henry has, as I did little more than apply his patch. I
> > believe he needed it for some interaction with Amazon.
>
> Yes, to access Amazon Web Services, e.g. the Mechanical Turk.
>
> > <p:hash algorithm="cx:hmac">
> >   <p:with-param name="cx:accessKey" value="..."/>
> > </p:hash>
>
> Here's a sample pipeline:
>
> <p:pipeline xmlns:p="http://www.w3.org/ns/xproc" version="1.0"
>            xmlns:mt="
> http://mechanicalturk.amazonaws.com/AWSMechanicalTurkRequester/2005-10-01"
>            exclude-inline-prefixes="mt"
>            xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>            xmlns:c="http://www.w3.org/ns/xproc-step">
>
>  <p:documentation>
>  <div xmlns="http://www.w3.org/1999/xhtml">
>     Sign and send a request to the Turk</div>
>  </p:documentation>
>
>  <p:variable name="stamp" select="current-dateTime()"/>
>
>  <p:insert position="first-child">
>  <p:input port="insertion">
>   <p:inline><Signature
> xmlns="
> http://mechanicalturk.amazonaws.com/AWSMechanicalTurkRequester/2005-10-01
> "><here/></Signature></p:inline>
>  </p:input>
>  </p:insert>
>
>  <p:insert position="first-child">
>  <p:input port="insertion">
>   <p:inline><Timestamp
> xmlns="
> http://mechanicalturk.amazonaws.com/AWSMechanicalTurkRequester/2005-10-01
> "><here/></Timestamp></p:inline>
>  </p:input>
>  </p:insert>
>
>  <p:string-replace match="mt:Timestamp/mt:here">
>  <p:with-option name="replace"
>                 select="concat('&quot;',$stamp,'&quot;')"/>
>  </p:string-replace>
>
>  <p:insert position="first-child">
>  <p:input port="insertion">
>   <p:inline><AWSAccessKeyId
> xmlns="
> http://mechanicalturk.amazonaws.com/AWSMechanicalTurkRequester/2005-10-01">[your
> access key here]</AWSAccessKeyId></p:inline>
>  </p:input>
>  </p:insert>
>
>  <p:hash match="/*/mt:Signature/mt:here" algorithm="cx:hmac"
>         xmlns:cx="http://xmlcalabash.com/ns/extensions" name="hash">
>  <p:with-option name="value"
>                select="concat('AWSMechanicalTurkRequester',
>                               local-name(/*),$stamp)"/>
>  <p:with-param name="cx:key"
>               select="'[your key here]'"/>
> </p:hash>
>
>  <p:insert match="soapenv:Body" position="first-child">
>  <p:input port="source">
>   <p:inline>
>    <c:request method="POST"
> href="
> http://mechanicalturk.sandbox.amazonaws.com/onca/soap?Service=AWSMechanicalTurkRequester
> ">
>     <c:header name="SOAPAction"
>               value="&quot;http://soap.amazon.com&quot;"/>
>     <c:body content-type="application/xml">
>     <soapenv:Envelope
>          xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>      <soapenv:Body/></soapenv:Envelope></c:body>
>    </c:request>
>   </p:inline>
>  </p:input>
>  <p:input port="insertion">
>   <p:pipe step="hash" port="result"/>
>  </p:input>
>  </p:insert>
>
>  <p:http-request/>
>
> </p:pipeline>
>
> - --
>       Henry S. Thompson, School of Informatics, University of Edinburgh
>      10 Crichton Street, Edinburgh EH8 9AB, SCOTLAND -- (44) 131 650-4440
>                Fax: (44) 131 651-1426, e-mail: ht@inf.ed.ac.uk
>                       URL: http://www.ltg.ed.ac.uk/~ht/
>  [mail from me _always_ has a .sig like this -- mail without it is forged
> spam]
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.6 (GNU/Linux)
>
> iD8DBQFL8oxBkjnJixAXWBoRAp1ZAJ0Wx9wtVKKD3ZmzQaE+noNULkyTiQCdGLuv
> LN/wZ0PSRPPbVadZQmoD024=
> =Fo8o
> -----END PGP SIGNATURE-----
>
>
Received on Tuesday, 18 May 2010 14:00:33 UTC