Re: [xri] Pointer to "how to implement c14n"

[Will Norris <will@willnorris.com>]

There's still a bit to do (comment nodes, entities, encoding special  
characters, etc), but I was able to implement basic exc-c14n in about  
2 hours in 90 lines of PHP.  Now, it turns out that PHP does a lot of  
the work for you with respect to adding namespace declarations onto  
the right elements... you don't actually need to keep track of the  
stack (unless I'm mistaken).  But even that wouldn't be that much more  
code.  I can definitely say it was easier than I was expecting.

http://github.com/willnorris/php-exc-c14n/tree/master

-will


On May 28, 2009, at 5:11 PM, Will Norris wrote:

> yeah, in the case of XRI resolution, we would still have multiple  
> XRD elements inside of an XRDS.  Each XRD would have its own  
> signature because each is typically from a different authority.   
> exclusive c14n doesn't look too bad... working on coding it up in  
> PHP right now.
>
> -will
>
>
> On May 28, 2009, at 5:04 PM, Scott Cantor wrote:
>
>> Just for reference,
>>
>> The basic algorithm that's necessary to support signing and  
>> verification is
>> pretty much described here in the exclusive c14n spec:
>>
>> http://www.w3.org/TR/xml-exc-c14n/#sec-Implementation
>>
>> The reason it's hard in real life but easy in profiles like this  
>> one is that
>> the full version talks about XPath node-sets, but the profile is  
>> dealing
>> only with a complete XML element tree. So all the tests for whether  
>> to
>> output something drop out, and all you have left is attribute re- 
>> ordering
>> and a namespace stack.
>>
>> There are few "full" c14n libraries because the full version pulls  
>> in XPath
>> (or a clever way of simulating it) and has to handle esoteric  
>> document
>> subsets. Writing a constrained version such as I proposed here is  
>> probably
>> 10-20% "harder" than just writing out an XML document. I was  
>> talking with
>> Will, and I may remember enough JavaScript to take a stab at it  
>> sometime in
>> the next couple of months.
>>
>> In the specific case of XRD, it may be worth asking whether  
>> exclusive c14n
>> is even required. Do you need to pass a signed XRD around in other  
>> XML
>> documents? If not, you could make it even simpler and just rely on  
>> whole
>> document signing with inclusive c14n and just output whatever  
>> namespace
>> declarations you have.
>>
>> I was assuming that was too over-simplifying, but I don't know. I  
>> would err
>> on the side of caution and stick with exclusive though.
>>
>> -- Scott
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this mail list, you must leave the OASIS TC that
>> generates this mail.  Follow this link to all your TCs in OASIS at:
>> https://www.oasis-open.org/apps/org/workgroup/portal/ 
>> my_workgroups.php
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php