ISSUE-59: xml security algorithm URIs are not defined in consistent location leading to confusion

consistent single location to define c14n URIs

xml security algorithm URIs are not defined in consistent location leading to confusion

State:
CLOSED
Product:
Errata-C14N
Raised by:
Frederick Hirsch
Opened on:
2008-10-07
Description:
Title: Canonicalization URIs are not defined in consistent location leading to confusion

Description:

URIs for canonicalization algorithms are not defined in consistent and clear locations. As a result, it is possible for adopters to use an incorrect URI finding only some, but not all definitions.

URIs are currently defined as follows:

(a) The XML Signature Recommendation (both first and second edition) defines URIs for inclusive canonicalization:

Identifier for REQUIRED Canonical XML 1.0 (omits comments):
http://www.w3.org/TR/2001/REC-xml-c14n-20010315
Identifier for Canonical XML 1.0 with Comments:
http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments

and in second edition also:
Identifier for REQUIRED Canonical XML 1.1 (omits comments):
http://www.w3.org/2006/12/xml-c14n11
Identifier for Canonical XML 1.1 with Comments:
http://www.w3.org/2006/12/xml-c14n11#WithComments

see
http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-c14nAlg

(b) The Exclusive Canonicalization Recommendation defines the following URIs for exclusive canonicalization in section 4 ;

http://www.w3.org/2001/10/xml-exc-c14n#
http://www.w3.org/2001/10/xml-exc-c14n#WithComments

See http://www.w3.org/TR/xml-exc-c14n/#sec-Use

c) RFC 4051 defines a URI for minimal canonicalization (however this may not be adopted)

http://tools.ietf.org/html/rfc4051

The issue is the following:

a. The Canonical XML 1.0 and Canonical XML 1.1. Recommendations do not define the URIs for canonicalization, and more importantly do not indicate where they are defined.

b. The XML Signature Rec and the Canonical XML Recs have no indication of where the URI for exclusive canonicalization is defined.

c. The RFC is not well known.

Proposal:

We define a new REC that defines all the Canonicalization URIs, and update both Canonicalization 1.1, Exclusive Canonicalization and XML Signature to reference this document explicitly, noting that the URIs are defined in that document, in particular in the sections that used to define the URIs.

Remove URI definitions for canonicalization from the XML SIgnature and Canonicalization Recs.

Related Actions Items:
No related actions
Related emails:
  1. ISSUE-59 (consistent single location to define c14n URIs): Canonicalization URIs are not defined in consistent location leading to confusion [Errata-C14N] (from sysbot+tracker@w3.org on 2008-10-07)

Related notes:

all URIS for xml securiy

Frederick Hirsch, 20 Oct 2008, 15:43:55

Addressed by algorithm cross-reference.

Thomas Roessler, 6 Apr 2009, 13:44:57

Display change log ATOM feed


Chair, Staff Contact
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 59.html,v 1.1 2017/01/10 16:24:53 carine Exp $