[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] XML vs the Dreaded Whitespace
I'm part of a group that has decided to use XML as an encoding for documents which are effectively carrying transactions. Seeing XML make it to Proposed Recommendation is great, and makes our decision less of a concern. Part of this work requires that these documents carry document authentication information. This, in turn, requires that some regions of an XML document must be transported *exactly*, and must be received and checked identically so that the message authentication actually works. That fact that we are considering the idea of including email as a transport mechanism doesn't help matters. There are two questions at hand, largely directed at those creating parsers. I'd like to know if the application requirements we are proposing ("what to do with the document") are going to be incredibly difficult to manage, given what the parsers are providing. I confess I'm just getting started here - I will get to investigating the various parsers. For now the questions may be useful anyway. The first criteria is that message authentication is applied to an element in the document. This is a start to precisely defining what is being checked. The second criteria is that the message authentication must be applied to the XML document as represented in UTF-16 encoding, with big-endian convention, AS IT IS WRITTEN. This is to prevent us having to specify a consistent *internal* representation. The XML spec itself helps define a consistent *external* representation, which we figure is easier to stick with than dealing with all the cross-platform issues. The question: can this readily be dealt with? Is it straight-forward to ask for MessageAuthentication over <element>...</element>, with all the content included? The second question is much less firm right now. We would like make whitespace handling robust - if someone along the way uses a tool which breaks a line, we should be able to fix it rather than die. If we add the following character entities to our DTD, <!ENTITY spc " "> <!ENTITY tab "	"> <!ENTITY cr " "> <!ENTITY lf " "> then it should be possible to use these to represent 'wanted' whitespace, and thus allow for a simple rule prior to checking message authentication - that is, remove all 'native' space, tab, LF, and CR from the #PCDATA and check what remains (whitespace inside tags is handled in a more draconian fashion). (According to the previous section, "Hi&spc;there!" will be checked exactly that way you see it here - not as "Hi there!" The question? - is this distinction (between eg the native 0x0009 and &tab; (which converts to 0x0009) going to be difficult to keep track of? --------------------------------------------------------------------------- Chris Smith <smith@i...> xml-dev: A list for W3C XML Developers. To post, mailto:xml-dev@i... Archived as: http://www.lists.ic.ac.uk/hypermail/xml-dev/ To (un)subscribe, mailto:majordomo@i... the following message; (un)subscribe xml-dev To subscribe to the digests, mailto:majordomo@i... the following message; subscribe xml-dev-digest List coordinator, Henry Rzepa (mailto:rzepa@i...)
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|