The base64 tools I've used recently don't default to wrapping at 76
chars, though I did see that this is the default for GNU coreutils.
However, there is an option to not wrap. For sure, browsers can wrap
base64 encoded content when submitting a form (as this affected the
original SAML SimpleSign spec) but since the XRD is more focused around
a file format I don't see this being an issue. Are there use cases where
XRDs are POST'd to endpoints using the HTTP POST re-direct method?

That said, if experience shows it's easier to treat the base64 data as
content of the element rather than an attribute I'm ok with that.

One final question, if we do make it content of the element, won't that
make the XRD schema a little weird? The XRD could contain direct content
OR other elements if not using the "Inline mode".

Thanks,
George

Nat Sakimura wrote:
In http://wiki.oasis-open.org/xri/XrdOne/SimpleSign, I have changed
the name "Wrapped mode" to "Inline Mode" since I dropped the wrapper.
Now, it is like George suggested.

<XRD sig="signature" sigalg="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
certuri="pem file location" data="BASE64 of the payload" />

When I was talking about this with Masaki, he suggested that since BASE64
usually wraps at 76 or less characters per line, doing it like:

<XRD sig="signature" sigalg="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
certuri="pem file location" mode="inline">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</XRD>
Which do you think is better?
Any opinion?
=nat
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
---------------------------------------------------------------------
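
Added example, not part of the original thread or of any XRD/SimpleSign code: it shows what an XML parser hands the application when 76-column wrapped base64 sits in the data attribute versus in element content, and a decode step that accepts both. The attribute names come from the messages above; the payload and all function names are constructed for illustration.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Constructed payload, long enough that 76-column wrapping yields four lines.
PAYLOAD = b"<XRD><Subject>http://example.com/</Subject></XRD>" * 4
XML_WS = {0x20: None, 0x09: None, 0x0A: None, 0x0D: None}  # space, tab, LF, CR

def wrapped_b64(data, width=76):
    """Base64 text broken into lines of `width` characters, as wrapping encoders emit."""
    text = base64.b64encode(data).decode("ascii")
    return "\n".join(text[i:i + width] for i in range(0, len(text), width))

def as_received(doc):
    """Return the base64 text the application sees after XML parsing."""
    root = ET.fromstring(doc)
    attr = root.get("data")
    return attr if attr is not None else root.text

def decodes_as_is(b64_text):
    """True if a strict decoder accepts the text without any cleanup."""
    try:
        base64.b64decode(b64_text, validate=True)
        return True
    except binascii.Error:
        return False

def strict_decode(b64_text):
    """Drop XML whitespace only, then decode and reject any other stray character."""
    return base64.b64decode(b64_text.translate(XML_WS), validate=True)

B64 = wrapped_b64(PAYLOAD)
ATTR_DOC = f'<XRD sig="signature" certuri="pem file location" data="{B64}" />'
ELEM_DOC = f'<XRD sig="signature" certuri="pem file location" mode="inline">{B64}</XRD>'

if __name__ == "__main__":
    for label, doc in (("attribute", ATTR_DOC), ("element content", ELEM_DOC)):
        value = as_received(doc)
        print(label, "newlines:", value.count("\n"), "spaces:", value.count(" "),
              "strict as-is:", decodes_as_is(value),
              "round-trips:", strict_decode(value) == PAYLOAD)
```

In the attribute form the parser's attribute-value normalization turns each line break into a space, while element content keeps the line breaks, so a consumer has to strip whitespace before decoding in either layout.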