[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss] XMLData opaqueness ?
Ed, Your suggestion is to escape all the '<' and '>' so that in plain words, within <XMLData> there is not xml any more but a String coming from the serialization of a XML document or subtree where '<' and '>' have been escaped... I have a doubt: are we sure that any parser would be able to correctly undo the escape operations? I mean, what if within the original XML document there are '<' or '>' escaped documents as text (ie, as characters of the text content of certain elements)? Are we sure that the parser at the receiver will be able to distinguish which escaped characters will have to unescape? Juan Carlos. Edward Shallow wrote: >Folks, > > With respect to passing in content inside the XMLData element (on either >a Verify or Sign) do you believe it would be legitimate to ensure opaqueness >of the content by escaping all the <'s and >'s ? > > For example replace all < with < and all > with > > > See attached for an explicit example. > > In fact my XML library (Gnome libxml2) is doing exactly this when I >invoke the serialize() method on the parsed xml tree object. > > This in fact allows an implementation to support an xml declaration line >(i.e. <?xml version="1.0" encoding="UTF-8"?> ) which might be inside the >content (and whose encoding may be different from the request's e.g. >ISO-8859-1 or UTF-16) without causing parsing problems. > > Is anyone else having similar challenges ? > > Browsers accept this escaped nesting. > >Ed > > >------------------------------------------------------------------------ > ><?xml version="1.0"?> ><VerifyRequest> > <InputDocuments> > <Document ID="" RefURI="" RefType=""> > <Schema></Schema> > <XMLData><?xml version="1.0" encoding="UTF-8"?> ><a> > <b> > <c> > <c1 MimeType="text/plain">This is the data</c1> > <c2 MimeType="text/plain">This is the data</c2> > <c3 MimeType="text/plain">This is the data</c3> > </c> > </b> > <d> > <d1 MimeType="text/plain">This is the data</d1> > <d2 MimeType="text/plain">This is the data</d2> > </d> > <e> > <f> > <f1 MimeType="text/plain">This is the data</f1> > <f2 MimeType="text/plain">This is the data</f2> > <f3 MimeType="text/plain">This is the data</f3> > </f> > <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> > <SignedInfo> > <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> > <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> > <Reference URI=""> > <Transforms> > <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> > </Transforms> > <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> > <DigestValue>pgu/Uz5BP+zLoBBrBgw53jd6HkQ=</DigestValue> > </Reference> > </SignedInfo> > <SignatureValue>ZdzhD7MgikUel39mWp3nmG3whg/WzmevyEYDM7ZU/HREssF0CayKdMuDqjktSf81YLxJPheYQh4VobTmUyu8CMST6Eu5ltrEQk3Z9004cDQvLC1/i9Vf4DEnpHdocGH0no92t2EH0ompmAQV02+uAffKO78/Dxi1qmKnvr7iZK0=</SignatureValue> > <KeyInfo> > <KeyName/> > <X509Data> > <X509Certificate>MIIEUDCCAzigAwIBAgIBJTANBgkqhkiG9w0BAQUFADCB8zELMAkGA1UEBhMCQ0Ex >EDAOBgNVBAgTB09udGFyaW8xDzANBgNVBAcTBk90dGF3YTEgMB4GA1UEChMXQ2Fu >YWRhIFBvc3QgQ29ycG9yYXRpb24xGjAYBgNVBAoTEUZvciBUZXN0IFVzZSBPbmx5 >MR0wGwYDVQQLExRFbGVjdHJvbmljIFBvc3QgTWFyazE2MDQGA1UEAxMtQ2FuYWRh >IFBvc3QgQ29ycG9yYXRpb24gQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSwwKgYJKoZI >hvcNAQkBFh1TZWN1cml0eU9mZmljZXJAY2FuYWRhcG9zdC5jYTAeFw0wNDA2MDgy >MDQwMzlaFw0wOTA2MDcyMDQwMzlaMIHVMQswCQYDVQQGEwJDQTEQMA4GA1UECBMH >T250YXJpbzEPMA0GA1UEBxMGT3R0YXdhMSAwHgYDVQQKExdDYW5hZGEgUG9zdCBD >b3Jwb3JhdGlvbjEaMBgGA1UEChMRRm9yIFRlc3QgVXNlIE9ubHkxHTAbBgNVBAsT >FEVsZWN0cm9uaWMgUG9zdCBNYXJrMR8wHQYDVQQDExZFZHdhcmQgUGF0cmljayBT >aGFsbG93MSUwIwYJKoZIhvcNAQkBFhZlZHdhcmRzaGFsbG93QHlhaG9vLmNhMIGf >MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwTN93TVLfN4UiHzo714UsPDXQlb/p >VNUMXPzSQnEgQe8HuAn7PU2HR5hY8vmE3V8K2w9h5oqzybuUzwASTA0Pp4IDus43 >/aYDzqMD0d3FfS8a+w64Vdmzky+AHxM0I5kvzmJ7NXyvZc6lweW5WNDqY/vUzHG5 >XTmP4av7Z6rz2wIDAQABo4GOMIGLMAwGA1UdEwQFMAMCAQAwHQYDVR0OBBYEFPQ8 >gj6eGzywxxOG4Q0mJcHLOibPMB8GA1UdIwQYMBaAFDlJBm7JMYyBXc1i6V4IYkQv >K3pqMC4GA1UdHwQnMCUwI6AhoB+GHWh0dHA6Ly9jYTEudXB1LmludC9tYXN0ZXIu >Y3JsMAsGA1UdDwQEAwIFoDANBgkqhkiG9w0BAQUFAAOCAQEAa/QccSERNizFPuFX >91xgk3Gonlkiyaan4ZiGuD10q5608dD3DaQmcRW5vCyD3yuix+uIO5GZFpheN3OB >+gbs0EDMRWZHupVja2Meghb/e3XOAYilLnTkHPfdycNsCz+AL5fyEAHvQoAo9kV5 >LVG2SrDmJ+fcsiKnCTAsKFExCPuqSYUKy8sw5+C3UxHqz0a7bVg9sQvPSGAy0U6Y >xiPrPUBwlFR2uVmkQbRnZD3/m6Ypxajyq5Klie72TAwP4RuB3NQnhDclDuTrJ6b3 >AKYNb3RKmwJXRl9rC5IUrQ4jByzBNMilqoX6zKxB+1+GcH5WvuKVQwElbwVPHkpM >EwZOBg==</X509Certificate> ><X509SubjectName>emailAddress=edwardshallow@yahoo.ca,CN=Edward Patrick Shallow,OU=Electronic Post Mark,O=For Test Use > Only,O=Canada Post Corporation,L=Ottawa,ST=Ontario,C=CA</X509SubjectName> ><X509IssuerSerial> ><X509IssuerName>emailAddress=SecurityOfficer@canadapost.ca,CN=Canada Post Corporation Certificate Authority,OU=Electr >onic Post Mark,O=For Test Use Only,O=Canada Post Corporation,L=Ottawa,ST=Ontario,C=CA</X509IssuerName> ><X509SerialNumber>37</X509SerialNumber> ></X509IssuerSerial> ></X509Data> > </KeyInfo> > </Signature> > </e> ></a> ></XMLData> > </Document> > </InputDocuments> > <NodeName></NodeName> ></VerifyRequest> > > > >------------------------------------------------------------------------ > >--------------------------------------------------------------------- >To unsubscribe from this mail list, you must leave the OASIS TC that >generates this mail. You may a link to this group and all your TCs in OASIS >at: >https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]