
xri message



Subject: RE: [xri] Minutes: XRI TC Telecon 2-3PM PT Thursday 2009-05-28


Drummond Reed wrote on 2009-05-28:
> Will asked whether these more narrow requirements are already profiled
> somewhere. Scott said yes, the SAML profile of XML dSig, which uses the
> enveloped signature option, already meets these constraints, and should be
> able to be referenced as is by the XRD 1.0 spec. Scott also believes that
> the IMI 1.0 (Information Card) spec uses a similar profile.

To clarify, I wouldn't suggest referencing either of those specs, I'm saying
that SAML illustrates what is essentially the same constrained use case as
this one and the approach should be copyable more or less directly.

> Scott explained that biggest single factor in avoiding XML dSig complexity
> is avoiding Q-Names in our schema.

Specifically avoiding creating content models in which attribute or element
values contain QNames. That reduces the need for InclusivePrefix use, which
is easy to implement in the signing layer, but hard to get set correctly in
the face of extensions.

> We can also further reduce signature
> complexity by adding constraints such as requiring attribute ordering.

I wouldn't really argue for doing that, but if people really see
implementing the attribute reordering step as a problem, it's a possibility.

> He also noted that we need to add an ID attribute on our root element.

Will reminded me that we have xml:id now, so that's obviously the way to do
it.

-- Scott
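
The QName point above, as an added example that is not part of the original message: when an attribute value holds a QName, a canonicalizer that emits only visibly used namespace declarations drops the prefix binding unless it is told which attributes are QName-valued, so the digest does not cover what the prefix means. This sketch uses Python's C14N 2.0 canonicalizer and its `qname_aware_attrs` option as a stand-in for Exclusive C14N with an InclusiveNamespaces PrefixList; the element names and namespace URIs are constructed.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample: an XRD-like document whose "type" attribute carries a
# QName in its value. Element names and namespace URIs are made up.
TEMPLATE = (
    '<XRD xmlns="urn:example:xrd" xmlns:ext="{ext_uri}" xml:id="doc1">'
    '<Service type="ext:Login" b="2" a="1"/>'
    '</XRD>'
)


def c14n(xml_text, qname_attrs=None):
    """Canonicalize; qname_attrs names the attributes whose values are QNames."""
    return ET.canonicalize(xml_text, qname_aware_attrs=qname_attrs)


def digest(xml_text, qname_attrs=None):
    """SHA-256 over the canonical form, the bytes a signature digest covers."""
    canonical = c14n(xml_text, qname_attrs)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def prefix_binding_covered(qname_attrs=None):
    """True if rebinding the 'ext' prefix to another URI changes the digest."""
    original = TEMPLATE.format(ext_uri="urn:example:ext")
    rebound = TEMPLATE.format(ext_uri="urn:example:other")
    return digest(original, qname_attrs) != digest(rebound, qname_attrs)


if __name__ == "__main__":
    doc = TEMPLATE.format(ext_uri="urn:example:ext")
    # Attributes come out sorted, but xmlns:ext is gone: nothing visibly uses it.
    print(c14n(doc))
    # Declaring "type" as QName-valued keeps the binding in the canonical form.
    print(c14n(doc, {"type"}))
    print("binding covered, default:", prefix_binding_covered())
    print("binding covered, QName-aware:", prefix_binding_covered({"type"}))
```

A signer has to know every QName-valued attribute in advance for the second form to work, which is what becomes hard once extensions can add their own.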



