Posted to dev@santuario.apache.org by Otmar Lendl <le...@nic.at> on 2004/08/05 13:53:20 UTC

Canonicalization and whitespaces/pretty-print

Hello everybody,

as others before me, my application of XMLDSIG would benefit from
more flexibility of the available canonicalization algorithms with
respect to whitespaces in non-terminal nodes.

We're trying to use signed XML snippets generated by one party 
to act as some sort of "ownership certificates" when two other
parties communicate with each other with an XML-based protocol.

The issue of namespace pollution after inserting such a signed
XML fragment into a larger XML document seems to be covered by
xml-exc-c14n.

Our documents will consist of chunks like 

  <enum-token:validation id="acme-134567890">
    <enum-token:e164number>+43123456789</enum-token:e164number>
    <enum-token:validator>EXAMPLEVE</enum-token:validator>
    <enum-token:registrarid>ACME-REG</enum-token:registrarid>
    <enum-token:keyid>acme-key1</enum-token:keyid>
    <enum-token:createdate>2004-08-04</enum-token:createdate>
    <enum-token:expiredate>2005-02-04</enum-token:expiredate>
  </enum-token:validation>

where all significant information is in leaf nodes and all other
text content (especially whitespaces) is completely irrelevant.
We'd prefer if the signature reflects this. E.g. pretty-printing and
manual copy'n'paste (with the inevitable space/tab/line-break changes)
shouldn't invalidate the signature.

The signature will be embedded, and the document structure is protected
by a schema check.

Googling around and searching various list archives yielded no
simple and straightforward solution. The closest match I found was in
http://lists.oasis-open.org/archives/ebxml-msg/200112/msg00226.html

There, a simple XSL transform calling <xsl:strip-space> is used,
although I don't quite get the issue with SignedInfo he's raising.

As this mail is almost 3 years old, I'd like to solicit some more
comments on this issue before I decide on our way forward. 

* There is still no W3C standard to do such a transform?

* Is there a best-practice XSL (or XPath) transform which I could use?

* Any other recommendations for me?

Thanks,

/ol
-- 
< Otmar Lendl (lendl@nic.at) | nic.at Systems Engineer >
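
As an added illustration of the requirement described in the post (not part of the original message and not Santuario code): whitespace-only text nodes are dropped from elements that have child elements before canonicalizing and hashing, so a pretty-printed and a re-pasted copy of the token give the same digest while leaf values stay covered. Assumptions: the namespace URI and sample documents are constructed, Python's ElementTree C14N 2.0 canonicalizer stands in for xml-exc-c14n, a bare SHA-256 digest stands in for the signed value, and the function names are hypothetical.

```python
import hashlib
import xml.etree.ElementTree as ET

URI = "urn:example:enum-token"            # constructed namespace URI (assumption)
ET.register_namespace("enum-token", URI)  # keep the prefix when re-serializing
NS = f'xmlns:enum-token="{URI}"'

# Constructed samples: the same token pretty-printed and pasted onto one line.
PRETTY = f"""<enum-token:validation {NS} id="acme-134567890">
    <enum-token:e164number>+43123456789</enum-token:e164number>
    <enum-token:validator>EXAMPLEVE</enum-token:validator>
</enum-token:validation>"""
COMPACT = (f'<enum-token:validation {NS} id="acme-134567890">'
           '<enum-token:e164number>+43123456789</enum-token:e164number>\t'
           '<enum-token:validator>EXAMPLEVE</enum-token:validator>'
           '</enum-token:validation>')
# Constructed negative case: a changed leaf value must change the digest.
TAMPERED = COMPACT.replace("+43123456789", "+43123456780")


def strip_structural_whitespace(elem):
    """Drop whitespace-only text nodes inside elements that have children."""
    children = list(elem)
    if not children:
        return  # leaf element: its text is the signed data, leave it alone
    if elem.text is not None and not elem.text.strip():
        elem.text = None
    for child in children:
        if child.tail is not None and not child.tail.strip():
            child.tail = None
        strip_structural_whitespace(child)


def digest(xml_text, normalize):
    """SHA-256 over the canonical form, optionally after whitespace stripping."""
    root = ET.fromstring(xml_text)
    if normalize:
        strip_structural_whitespace(root)
    canonical = ET.canonicalize(ET.tostring(root, encoding="unicode"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    print("plain c14n equal:   ", digest(PRETTY, False) == digest(COMPACT, False))
    print("stripped c14n equal:", digest(PRETTY, True) == digest(COMPACT, True))
    print("tamper detected:    ", digest(TAMPERED, True) != digest(COMPACT, True))
```

Signer and verifier both have to apply the same stripping step before canonicalization, and the approach relies on non-leaf elements carrying no meaningful text, which is what the schema check mentioned in the post is meant to guarantee.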