ISSUE-38: Profile for signature processing for non-XML or for constrained XML requirements
- State:
- CLOSED
- Product:
- XML Security 1.1 Requirements and Design Considerations
- Raised by:
- Scott Cantor
- Opened on:
- 2008-07-29
- Description:
- [bhill] I see some significant value potential in a mandatory C14N algorithm for "the simplest possible case" or close to it. Consider a raw-octets digest as done by Cantor, et al's SimpleSign or some XrML licenses, where transmission is assumed to be point-to-point (at least between XML aware entities) but there is still a desire to have signature data carried by XML.
This sort of signature is widely deployed in application-specific implementation; it would be beneficial for all fully-featured XMLDSIG processors to have a *standard* way to inter-operate with systems only implementing such limited signature capabilities.
- Related Actions Items:
- No related actions
- Related emails:
- 2009-03-31 Minutes for Approval (from edsimon@xmlsec.com on 2009-04-03)
- Agenda: Distributed Meeting 2009-03-31 (from frederick.hirsch@nokia.com on 2009-03-30)
- Agenda: Distributed Meeting 2009-03-24 v2 (resend) (from frederick.hirsch@nokia.com on 2009-03-23)
- Agenda: Distributed Meeting 2009-03-24 v2 (from Frederick.Hirsch@nokia.com on 2009-03-23)
- Agenda: Distributed Meeting 2009-03-24 (resend) (from Frederick.Hirsch@nokia.com on 2009-03-22)
- Agenda: Distributed Meeting 2009-03-24 (from Frederick.Hirsch@nokia.com on 2009-03-22)
- Agenda: Distributed Meeting 2009-03-17 (resend) (from frederick.hirsch@nokia.com on 2009-03-11)
- Agenda: Distributed meeting 2009-03-17 (from Frederick.Hirsch@nokia.com on 2009-03-11)
- Requirements as Issues (XML Signature and Canonicalization V Next Requirements) (from gerald.edgar@boeing.com on 2009-03-09)
- Re: 9 december minutes update (from frederick.hirsch@nokia.com on 2008-12-16)
- Agenda: Distributed meeting 2008-12-09 (from frederick.hirsch@nokia.com on 2008-12-05)
- Action: A need to address requirements listed as Issues (from gerald.edgar@boeing.com on 2008-09-22)
- Meeting record: 2008-07-29 (from tlr@w3.org on 2008-08-12)
- Draft minutes for Jul 29 meeting (from cantor.2@osu.edu on 2008-07-31)
Related notes:
[bhill] Such a C14N profile would likely only be supported for a constrained set of transforms and reference types. Perhaps for enveloping only, or enveloping and detached with a full URI reference. XPath, XPointer references would be disallowed, as well as additional C14N transforms, XSLT, etc. except perhaps Base64?
Bradley Hill, 30 Jul 2008, 01:33:31
Would be necessary to disallow raw-octet C14N if used with other than enveloping or detached signatures employing full URI references. (no XPath or XPointer) Also disallow all other transforms other than Base64. Is this a breaking change with current spec? (all algorithms, transforms, etc. are assumed to be able to be combined in any manner today)
Bradley Hill, 30 Jul 2008, 01:37:13
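
The constraints proposed in the notes above, as an added example that is not part of the tracker record or the working group's text: a Python check that accepts only enveloping references (to a ds:Object inside the signature) or detached references with a full URI, and no transform other than Base64. The function name, the reading of "enveloping" as a same-document reference to a ds:Object Id, and the sample signatures are assumptions; the raw-octets C14N algorithm has no identifier on this page, so it is not checked.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

DS = "http://www.w3.org/2000/09/xmldsig#"
BASE64 = DS + "base64"  # XMLDSIG Base64 transform identifier

def profile_violations(signature_xml):
    """Return the reasons a ds:Signature falls outside the constrained profile."""
    # Constructed input only; parse untrusted XML with a hardened parser instead.
    sig = ET.fromstring(signature_xml)
    if sig.tag != f"{{{DS}}}Signature":
        return ["root element is not ds:Signature"]
    # Ids of ds:Object children: the only same-document targets allowed here.
    object_ids = {o.get("Id") for o in sig.findall(f"{{{DS}}}Object") if o.get("Id")}
    refs = sig.findall(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")
    problems = [] if refs else ["no ds:Reference found"]
    for ref in refs:
        for t in ref.findall(f"{{{DS}}}Transforms/{{{DS}}}Transform"):
            if t.get("Algorithm") != BASE64:
                problems.append(f"transform not allowed: {t.get('Algorithm')}")
        uri = ref.get("URI")
        if uri is None:
            problems.append("Reference without URI")
        elif uri.startswith("#"):
            if uri[1:] not in object_ids:  # also catches #xpointer(...) forms
                problems.append(f"not an enveloped ds:Object: {uri}")
        else:
            parts = urlsplit(uri)
            if not parts.scheme:  # URI="" or a relative reference
                problems.append(f"detached reference is not a full URI: {uri!r}")
            if parts.fragment:
                problems.append(f"fragment/XPointer not allowed: {uri}")
    return problems

def sample(refs, obj=""):
    """Build a constructed, structure-only signature (no digest or signature values)."""
    return (f'<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo>{refs}'
            f'</ds:SignedInfo>{obj}</ds:Signature>')

# Constructed sample inside the profile: one enveloping and one detached reference.
GOOD = sample(f'<ds:Reference URI="#payload"><ds:Transforms><ds:Transform '
              f'Algorithm="{BASE64}"/></ds:Transforms></ds:Reference>'
              '<ds:Reference URI="https://example.org/doc.bin"/>',
              '<ds:Object Id="payload">aGVsbG8=</ds:Object>')
# Constructed sample outside it: enveloped-signature transform and an XPointer.
BAD = sample(f'<ds:Reference URI=""><ds:Transforms><ds:Transform '
             f'Algorithm="{DS}enveloped-signature"/></ds:Transforms></ds:Reference>'
             '<ds:Reference URI="https://example.org/doc.xml#xpointer(/)"/>')

if __name__ == "__main__":
    print(profile_violations(GOOD), profile_violations(BAD), sep="\n")
```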