Re: Canonicalizer that uses XML Schemas (rather than DTDs)?

> Is it not time to update the XML canonicalization specification?

Why do you need canonicalization? The most common use is for security, where c14n is necessary for digital signatures. If you are signing something, then you must sign both the XML document, and the associated schema. If you don't sign the schema, then the recipient (or an adversary) can change the schema and your signature will be "broken."

For example, if a conference requires a digitally signed submission (because it includes, say, intellectual property issues), and they validate submissions against a DTD, or RNG, or whatever, then your signed submission better cover the schema or your academic competitor could get your submission invalidated.

DTD's are different from other XML Schema languages in that they can be embedded in the XML document. Therefore, stripping out the DTD and expanding it in-line is sensible and efficient. (It also doesn't require us to define DTD c14n.) And, of course, SOAP outlaws DTD's.

In other words, for security reasons, DTD's are treated special because they are special, and in cases where they aren't, it's a matter for the DSIG spec, not the c14n specs.

Make sense?

/r$

--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
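
The point made in the message above, as an added example that is not part of the original post: a signed manifest that covers only the canonicalized document still verifies after the schema is swapped, while one that also references the schema detects the swap. The key, sample XML, function names and the use of HMAC in place of a real XML-DSig signature are all assumptions made for illustration.

```python
import hashlib, hmac, json
from xml.etree.ElementTree import canonicalize

KEY = b"constructed-demo-key"  # constructed; HMAC stands in for an XML-DSig signature

def digest(xml_text):
    """SHA-256 over the canonical form, so attribute order and quoting do not matter."""
    return hashlib.sha256(canonicalize(xml_data=xml_text).encode("utf-8")).hexdigest()

def sign(doc, schema=None):
    """Return (manifest, tag). The schema is covered only if it is passed in."""
    refs = {"document": digest(doc)}
    if schema is not None:
        refs["schema"] = digest(schema)
    manifest = json.dumps(refs, sort_keys=True)
    return manifest, hmac.new(KEY, manifest.encode(), hashlib.sha256).hexdigest()

def verify(manifest, tag, doc, schema):
    """Check the tag, then every reference in the manifest against what was received."""
    expected = hmac.new(KEY, manifest.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return "bad signature"
    refs = json.loads(manifest)
    if refs["document"] != digest(doc):
        return "document changed"
    if "schema" not in refs:
        return "ok, schema not covered"
    return "ok" if refs["schema"] == digest(schema) else "schema changed"

# Constructed sample inputs.
DOC = '<paper id="42" track="security"><title>On c14n</title></paper>'
DOC_REORDERED = "<paper track='security' id='42'><title>On c14n</title></paper>"
SCHEMA = ('<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">'
          '<xs:element name="paper"/></xs:schema>')
SCHEMA_SWAPPED = SCHEMA.replace('name="paper"', 'name="abstract"')

if __name__ == "__main__":
    m, t = sign(DOC)           # document only
    print(verify(m, t, DOC_REORDERED, SCHEMA_SWAPPED))
    m, t = sign(DOC, SCHEMA)   # document and schema
    print(verify(m, t, DOC_REORDERED, SCHEMA_SWAPPED))
```
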