ghopp
/
server_playground
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Another abandoned server code base... this is kind of an ancestor of taskrambler.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
166 Commits
1 Branch
0 Tags
51 MiB
 
 
 
 
 
 
Tree: 328ab65185
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '328ab65185'
${ noResults }
server_playground/doc/www.w3.org/TR/2006/NOTE-DSig-usage-20061220/index.html

335 lines
14 KiB
Raw Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>Using XML Digital Signatures in the 2006 XML
Environment</title><style type="text/css">
code { font-family: monospace; }
div.constraint,
div.issue,
div.note,
div.notice { margin-left: 2em; }
dt.label { display: run-in; }
li, p { margin-top: 0.3em;
margin-bottom: 0.3em; }
div.assertion { border: 4px double gray; padding: 0.5em; margin-bottom: 0.2em; }
blockquote { background-color: #eeeeee; }
spectext { background-color: #eeeeee; }
.message { background-color: #d5dee3; }
pre { margin-left: 4em}
p.diff-chg,
li.diff-chg,
h1.diff-chg,
h2.diff-chg,
h3.diff-chg,
h4.diff-chg,
h5.diff-chg,
h6.diff-chg,
td.diff-chg,
tr.diff-chg { background-color: #E47833; }
p.diff-del,
li.diff-del,
h1.diff-del,
h2.diff-del,
h3.diff-del,
h4.diff-del,
h5.diff-del,
h6.diff-del,
td.diff-del,
tr.diff-del { background-color: red; text-decoration: line-through;}
p.diff-add,
p.diff-add,
h1.diff-add,
h2.diff-add,
h3.diff-add,
h4.diff-add,
h5.diff-add,
h6.diff-add,
td.diff-add,
tr.diff-add { background-color: lime; }
table { empty-cells: show; }
div.exampleInner pre { margin-left: 1em;
margin-top: 0em; margin-bottom: 0em}
div.exampleOuter {border: 4px double gray;
margin: 0em; padding: 0em}
div.exampleInner { background-color: #d5dee3;
border-top-width: 4px;
border-top-style: double;
border-top-color: #d3d3d3;
border-bottom-width: 4px;
border-bottom-style: double;
border-bottom-color: #d3d3d3;
padding: 4px; margin: 0em }
div.exampleWrapper { margin: 4px }
div.exampleHeader { font-weight: bold;
margin: 4px}
div.table,
div.figure {margin-top: 2em;
margin-bottom: 2em;
text-align: center; }
</style><link rel="stylesheet" type="text/css" href="http://www.w3.org/StyleSheets/TR/W3C-WG-NOTE.css"></head><body>
<div class="head"><p><a href="http://www.w3.org/"><img height="48" width="72" alt="W3C" src="http://www.w3.org/Icons/w3c_home"></a></p>
<h1>Using XML Digital Signatures in the 2006 XML
Environment</h1>
<h2>W3C Working Group Note 20 December 2006</h2><dl><dt>This version:</dt><dd><a href="http://www.w3.org/TR/2006/NOTE-DSig-usage-20061220/">http://www.w3.org/TR/2006/NOTE-DSig-usage-20061220/</a></dd><dt>Latest version:</dt><dd><a href="http://www.w3.org/TR/DSig-usage/">http://www.w3.org/TR/DSig-usage/</a></dd><dt>Previous versions:</dt><dd><a href="http://www.w3.org/TR/2006/WD-DSig-usage-20060915/">http://www.w3.org/TR/2006/WD-DSig-usage-20060915/</a></dd><dt>Editor:</dt>
<dd>Thomas Roessler, <a href="http://www.w3.org/">W3C</a></dd>
</dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> ©2006 <a href="http://www.w3.org/"><acronym title="World Wide Web Consortium">W3C</acronym></a><sup>®</sup>(<a href="http://www.csail.mit.edu/"><acronym title="Massachusetts Institute of Technology">MIT</acronym></a>, <a href="http://www.ercim.org/"><acronym title="European Research Consortium for Informatics and Mathematics">ERCIM</acronym></a>, <a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.</p></div><hr><div>
<h2><a name="abstract">Abstract</a></h2>
<p>This technical note describes how to use the XML Digital Signature
Recommendation [<a href="#XMLDSIG">XMLDSIG</a>] in a way consistent
with the present (fall 2006) XML environment. In particular, this
note takes into account the recent xml:id Version 1.0 [<a href="#XMLID">XMLID</a>] Recommendation, and work in progress towards
a Canonical XML Version 1.1 [<a href="#C14N11">C14N11</a>]
Recommendation.</p>
<p>This note suggests constraints on the use of XML Signature, and
relies on extension points present in the XML Digital Signature
Recommendation. This note does not override any aspect of that
Recommendation.</p>
</div><div>
<h2><a name="status">Status of this Document</a></h2>
<p><em>This section describes the status of this document at the time of its
publication. Other documents may supersede this document. A list of current
W3C publications and the latest revision of this technical report can be
found in the <a href="http://www.w3.org/TR/" shape="rect">W3C technical
reports index</a> at http://www.w3.org/TR/.</em></p>
<p>This document was developed by the <a href="http://www.w3.org/XML/Core/" shape="rect">XML Core Working Group</a>, as part of the <a href="http://www.w3.org/XML/Activity">XML Activity</a>. A companion
Note, "Known Issues with Canonical XML 1.0 (C14N/1.0)" [<a href="#C14NNOTE" shape="rect">C14NNOTE</a>], discusses in detail some
of the issues related to the inheritance of certain XML attributes and
the Canonical XML Recommendation 1.0 [<a href="#C14N10">C14N10</a>].
</p>
<p>Please send comments related to this document to <a href="mailto:www-xml-canonicalization-comments@w3.org" shape="rect">www-xml-canonicalization-comments@w3.org</a> (<a href="http://lists.w3.org/Archives/Public/www-xml-canonicalization-comments/" shape="rect">public archive</a>).</p>
<p>Publication as a Working Group Note does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.</p>
<p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/" shape="rect">5 February 2004 W3C Patent Policy</a>. W3C maintains a <a rel="disclosure" href="http://www.w3.org/2002/08/xmlcore-IPR-statements">public list of
any patent disclosures</a> made in connection with the deliverables of
the group; that page also includes instructions for disclosing a
patent. An individual who has actual knowledge of a patent which the
individual believes contains <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential
Claim(s)</a> must disclose the information in accordance with <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section
6 of the W3C Patent Policy</a>.</p>
</div>
<hr><div class="toc">
<h2><a name="shortcontents">Short Table of Contents</a></h2><p class="toc">1. <a href="#Overview">Overview</a><br>2. <a href="#c14n11">Use of Canonical XML 1.1 with XML Signatures</a><br>3. <a href="#Algorithms">Algorithm Identifiers</a><br>4. <a href="#Ref">References</a><br>5. <a href="#Ack">Acknowledgments</a><br></p></div><hr><div class="toc">
<h2><a name="contents">Table of Contents</a></h2><p class="toc">1. <a href="#Overview">Overview</a><br>2. <a href="#c14n11">Use of Canonical XML 1.1 with XML Signatures</a><br>    2.1 <a href="#changeuri">Use Canonical XML 1.1 Instead Of Canonical XML 1.0</a><br>    2.2 <a href="#implicit">Explicitly Canonicalize All Node-Sets</a><br>3. <a href="#Algorithms">Algorithm Identifiers</a><br>4. <a href="#Ref">References</a><br>5. <a href="#Ack">Acknowledgments</a><br></p>
<h3><a name="appendix" id="appendix">Appendix</a></h3><p class="toc"></p></div><hr><div class="body">
<div class="div1">
<h2><a name="Overview"></a>1. Overview</h2>
<p>This technical note describes how to use the XML Digital
Signature Recommendation [<a href="#XMLDSIG">XMLDSIG</a>] in a way
consistent with the present (fall 2006) XML environment. In
particular, this note takes into account the recent xml:id Version
1.0 [<a href="#XMLID">XMLID</a>] Recommendation, and work in
progress towards a Canonical XML 1.1
[<a href="#C14N11">C14N11</a>] Recommendation.</p>
<p>This note suggests constraints on the use of XML Digital
Signature, and relies on extension points present in the XML Digital
Signature Recommendation. This note does not override any aspect of
that Recommendation.</p>
</div>
<div class="div1">
<h2><a name="c14n11"></a>2. Use of Canonical XML 1.1 with XML Signatures</h2>
<p>
Canonical XML 1.1 [<a href="#C14N11">C14N11</a>] revisits
assumptions made in the original Canonical XML specification [<a href="#C14N10">C14N10</a>], and that have subsequently been
invalidated by further developments in the XML area. In
particular, the transformations specified in [<a href="#C14N11">C14N11</a>] can be safely applied in the presence
of attributes such as <code>xml:id</code> [<a href="#XMLID">XMLID</a>] and
<code>xml:base</code> [<a href="#XMLBASE">XMLBASE</a>].
</p>
<div class="div2">
<h3><a name="changeuri"></a>2.1 Use Canonical XML 1.1 Instead Of Canonical XML 1.0</h3>
<p>
Implementations MUST NOT apply the Canonical XML 1.0
transformations to nodesets that contain <code>xml:id</code> or
<code>xml:base</code> elements. Implementations SHOULD apply
Canonical XML 1.1 to such nodesets.
</p>
<p>
Where canonicalization algorithms are identified by URI, the
Canonical XML 1.1 algorithms SHOULD be identified using the
algorithm URIs defined in <a href="#Algorithms">section 3</a> of
this note.
</p>
</div>
<div class="div2">
<h3><a name="implicit"></a>2.2 Explicitly Canonicalize All Node-Sets</h3>
<p>
The Reference Processing Model (<a href="http://www.w3.org/TR/xmldsig-core/#sec-ReferenceProcessingModel">section
4.3.3.2</a> of [<a href="#XMLDSIG">XMLDSIG</a>]) requires use of
the Canonical XML algorithm if a data object is a node set and
the next transform requires octets.
</p>
<p>
When constructing the chain of transforms that is applied to a
given data object, implementations MUST NOT rely on this default
algorithm to convert node-sets to octet streams. Instead,
implementations SHOULD:
</p>
<ul>
<li>
add an explicit <code>&lt;ds:Transform&gt;</code> element
referencing <code>http://www.w3.org/2006/12/xml-c14n11</code> before each
<code>Transform</code> that expects an octet-stream, but is
applied to a node-set;
</li>
<li>
add an explicit <code>&lt;ds:Transform&gt;</code> element
referencing <code>http://www.w3.org/2006/12/xml-c14n11</code> as the final
<code>Transform</code>, if the last transformation generates a
node-set.
</li>
</ul>
<p>
Implementations MAY apply other transformation algorithms that
convert node-sets to octet streams.
</p>
</div>
</div>
<div class="div1">
<h2><a name="Algorithms"></a>3. Algorithm Identifiers</h2>
<p>
This section identifies additional algorithms used with the XML
digital signature specification.
</p>
<p>
Algorithms are identified by URIs that appear as an attribute to
the element that identifies the algorithms' role
(<code>DigestMethod</code>, <code>Transform</code>,
<code>SignatureMethod</code>, or
<code>CanonicalizationMethod</code>).
</p>
<p>
</p><dl>
<dt class="label">Identifiers</dt>
<dd>Canonical XML 1.1 (omits comments)<br>
<a href="http://www.w3.org/2006/12/xml-c14n11">http://www.w3.org/2006/12/xml-c14n11</a></dd>
<dd>Canonical XML 1.1 with comments<br>
<a href="http://www.w3.org/2006/12/xml-c14n11#WithComments">http://www.w3.org/2006/12/xml-c14n11#WithComments</a></dd>
</dl><p>
</p>
<p>
The specification of Canonical XML 1.1 is [<a href="#C14N11">C14N11</a>]. The algorithm is capable of taking as
input either an octet stream or an XPath node-set (or sufficiently
functional alternative). The algorithm produces an octet stream as
output. Canonical XML 1.1 is easily parameterized (via an additional
URI) to omit or retain comments.
</p>
</div>
<div class="div1">
<h2><a name="Ref"></a>4. References</h2>
<dl>
<dt class="label"><a name="C14N10"></a>[C14N10] </dt><dd>
<a href="http://www.w3.org/TR/xml-c14n"><cite>Canonical XML
Version 1.0</cite></a>, J. Boyer. W3C Recommendation, 15 March 2001,
<a href="http://www.w3.org/TR/xml-c14n">http://www.w3.org/TR/xml-c14n</a>
(<a href="http://www.w3.org/2001/03/C14N-errata">Errata</a>).
</dd>
<dt class="label"><a name="C14N11"></a>[C14N11] </dt><dd>
<a href="http://www.w3.org/TR/2006/WD-xml-c14n11-20061220/"><cite>Canonical XML
Version 1.1</cite></a>, J. Boyer, G. Marcy. Working Draft, 20 December 2006,
<a href="http://www.w3.org/TR/2006/WD-xml-c14n11-20061220/">http://www.w3.org/TR/2006/WD-xml-c14n11-20061220/</a>
(<a href="http://www.w3.org/2001/03/C14N-errata">Errata</a>).
</dd>
<dt class="label"><a name="C14NNOTE"></a>[C14NNOTE] </dt><dd>
<a href="http://www.w3.org/TR/2006/NOTE-C14N-issues-20061220/"><cite>Known
Issues with Canonical XML 1.0</cite></a>, J. Kahan, K. Lanz. W3C
Working Group Note, 20 December 2006, <a href="http://www.w3.org/TR/2006/NOTE-C14N-issues-20061220/">http://www.w3.org/TR/2006/NOTE-C14N-issues-20061220/</a>
</dd>
<dt class="label"><a name="XMLBASE"></a>[XMLBASE] </dt><dd>
<a href="http://www.w3.org/TR/2001/REC-xmlbase-20010627/"><cite>XML Base
</cite></a>, J. Marsh. W3C Recommendation, 27 June 2001,
<a href="http://www.w3.org/TR/xmlbase/">http://www.w3.org/TR/xmlbase/</a>.
</dd>
<dt class="label"><a name="XMLID"></a>[XMLID] </dt><dd>
<a href="http://www.w3.org/TR/xml-id/"><cite>xml:id Version 1.0
</cite></a>, J. Marsh, D. Veillard, N. Walsh. W3C Recommendation, 9 September 2005,
<a href="http://www.w3.org/TR/xml-id/">http://www.w3.org/TR/xml-id/</a>.
</dd>
<dt class="label"><a name="XMLDSIG"></a>[XMLDSIG] </dt><dd><a href="http://www.w3.org/TR/xmldsig-core/"><cite>XML-Signature Syntax and
Processing</cite></a>, D. Eastlake, J. R., D. Solo, M. Bartel,
J. Boyer , B. Fox , E. Simon. W3C Recommendation, 12 February
2002, <a href="http://www.w3.org/TR/xmldsig-core/">http://www.w3.org/TR/xmldsig-core/</a>.
</dd>
</dl>
</div>
<div class="div1">
<h2><a name="Ack"></a>5. Acknowledgments</h2>
<p>
This note is based on based on input from John Boyer, Roy Fielding,
Philippe Le Hegaret, José Kahan, Konrad Lanz, Larry Masinter, Henry
Thompson, the members of the XML Core Working Group, and the members
of the xml-dsig mailing list.
</p>
</div>
</div>
<div class="back">
</div>
</body></html>