OASIS Mailing List Archives

xri message



Subject: Pointer to "how to implement c14n"


Just for reference,

The basic algorithm that's necessary to support signing and verification is
pretty much described here in the exclusive c14n spec:

http://www.w3.org/TR/xml-exc-c14n/#sec-Implementation

The reason it's hard in real life but easy in profiles like this one is that
the full version talks about XPath node-sets, but the profile is dealing
only with a complete XML element tree. So all the tests for whether to
output something drop out, and all you have left is attribute re-ordering
and a namespace stack.

There are few "full" c14n libraries because the full version pulls in XPath
(or a clever way of simulating it) and has to handle esoteric document
subsets. Writing a constrained version such as I proposed here is probably
10-20% "harder" than just writing out an XML document. I was talking with
Will, and I may remember enough JavaScript to take a stab at it sometime in
the next couple of months.
 
In the specific case of XRD, it may be worth asking whether exclusive c14n
is even required. Do you need to pass a signed XRD around in other XML
documents? If not, you could make it even simpler and just rely on whole
document signing with inclusive c14n and just output whatever namespace
declarations you have.

I was assuming that was too over-simplifying, but I don't know. I would err
on the side of caution and stick with exclusive though.

-- Scott
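
The constrained case the message above describes (a complete element tree, so only attribute re-ordering and a namespace stack remain) can be sketched as follows. This is an added example, not part of the original post and not the author's code; the node shape, the names `excC14n`, `SAMPLE` and `SAMPLE_SCOPE`, and the `urn:example:` URIs are assumptions made for illustration.

```javascript
// Added example, not from the original post. Exclusive C14N restricted to a
// complete element tree: no XPath node-sets, no InclusiveNamespaces PrefixList,
// no comments or PIs. Hypothetical node shape:
//   { name: "p:local", ns: {prefix: uri}, attrs: {"q:name": value}, children: [string | node] }
const XML_NS = { xml: "http://www.w3.org/XML/1998/namespace" }; // never re-declared
const escText = s => s.replace(/&/g, "&amp;").replace(/</g, "&lt;")
  .replace(/>/g, "&gt;").replace(/\r/g, "&#xD;");
const escAttr = s => s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/"/g, "&quot;")
  .replace(/\t/g, "&#x9;").replace(/\n/g, "&#xA;").replace(/\r/g, "&#xD;");
const splitQName = q => {
  const i = q.indexOf(":");
  return i < 0 ? ["", q] : [q.slice(0, i), q.slice(i + 1)];
};
const cmp = (a, b) => (a < b ? -1 : a > b ? 1 : 0);

// inScope: prefix -> URI bound in the input (the namespace stack).
// rendered: prefix -> URI already written by an output ancestor.
function excC14n(node, inScope = {}, rendered = {}) {
  if (typeof node === "string") return escText(node);
  inScope = { ...XML_NS, ...inScope, ...(node.ns || {}) };
  rendered = { ...XML_NS, ...rendered };
  const attrs = Object.entries(node.attrs || {}).map(([qname, value]) => {
    const [prefix, local] = splitQName(qname);
    // Unprefixed attributes are in no namespace, whatever the default is.
    return { qname, prefix, local, value, uri: prefix ? inScope[prefix] : "" };
  });
  // Visibly utilized prefixes: the element's own plus those on its attributes.
  const used = new Set([splitQName(node.name)[0], ...attrs.map(a => a.prefix)
    .filter(Boolean)]);
  let out = `<${node.name}`;
  for (const p of [...used].sort()) {          // "" (default) sorts first
    const uri = inScope[p] || "";
    if (p && !uri) throw new Error(`unbound prefix: ${p}`);
    if ((rendered[p] || "") === uri) continue; // an ancestor already emitted it
    out += p ? ` xmlns:${p}="${escAttr(uri)}"` : ` xmlns="${escAttr(uri)}"`;
    rendered[p] = uri;
  }
  // Attributes: namespace URI is the primary key, local name the secondary.
  attrs.sort((a, b) => cmp(a.uri, b.uri) || cmp(a.local, b.local));
  for (const a of attrs) out += ` ${a.qname}="${escAttr(a.value)}"`;
  const body = (node.children || []).map(c => excC14n(c, inScope, rendered)).join("");
  return `${out}>${body}</${node.name}>`;      // never the <x/> short form
}

// Constructed sample: a subtree whose enclosing document also bound an unused prefix "z".
const SAMPLE = { name: "x:XRD", attrs: { "y:c": "3", "x:b": "2", a: "1" },
  children: [{ name: "x:Subject", children: ["a&b"] }] };
const SAMPLE_SCOPE = { x: "urn:example:x", y: "urn:example:y", z: "urn:example:z" };
```

Calling `excC14n(SAMPLE, SAMPLE_SCOPE)` emits declarations for `x` and `y` only, which is what lets the signed subtree be moved into another document without changing its canonical bytes.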



