[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Pointer to "how to implement c14n"
Just for reference, The basic algorithm that's necessary to support signing and verification is pretty much described here in the exclusive c14n spec: http://www.w3.org/TR/xml-exc-c14n/#sec-Implementation The reason it's hard in real life but easy in profiles like this one is that the full version talks about XPath node-sets, but the profile is dealing only with a complete XML element tree. So all the tests for whether to output something drop out, and all you have left is attribute re-ordering and a namespace stack. There are few "full" c14n libraries because the full version pulls in XPath (or a clever way of simulating it) and has to handle esoteric document subsets. Writing a constrained version such as I proposed here is probably 10-20% "harder" than just writing out an XML document. I was talking with Will, and I may remember enough JavaScript to take a stab at it sometime in the next couple of months. In the specific case of XRD, it may be worth asking whether exclusive c14n is even required. Do you need to pass a signed XRD around in other XML documents? If not, you could make it even simpler and just rely on whole document signing with inclusive c14n and just output whatever namespace declarations you have. I was assuming that was too over-simplifying, but I don't know. I would err on the side of caution and stick with exclusive though. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]