OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xri message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xri] Pointer to "how to implement c14n"

yeah, in the case of XRI resolution, we would still have multiple XRD  
elements inside of an XRDS.  Each XRD would have its own signature  
because each is typically from a different authority.  exclusive c14n  
doesn't look too bad... working on coding it up in PHP right now.

-will


On May 28, 2009, at 5:04 PM, Scott Cantor wrote:

> Just for reference,
>
> The basic algorithm that's necessary to support signing and  
> verification is
> pretty much described here in the exclusive c14n spec:
>
> http://www.w3.org/TR/xml-exc-c14n/#sec-Implementation
>
> The reason it's hard in real life but easy in profiles like this one  
> is that
> the full version talks about XPath node-sets, but the profile is  
> dealing
> only with a complete XML element tree. So all the tests for whether to
> output something drop out, and all you have left is attribute re- 
> ordering
> and a namespace stack.
>
> There are few "full" c14n libraries because the full version pulls  
> in XPath
> (or a clever way of simulating it) and has to handle esoteric document
> subsets. Writing a constrained version such as I proposed here is  
> probably
> 10-20% "harder" than just writing out an XML document. I was talking  
> with
> Will, and I may remember enough JavaScript to take a stab at it  
> sometime in
> the next couple of months.
>
> In the specific case of XRD, it may be worth asking whether  
> exclusive c14n
> is even required. Do you need to pass a signed XRD around in other XML
> documents? If not, you could make it even simpler and just rely on  
> whole
> document signing with inclusive c14n and just output whatever  
> namespace
> declarations you have.
>
> I was assuming that was too over-simplifying, but I don't know. I  
> would err
> on the side of caution and stick with exclusive though.
>
> -- Scott
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]