ISSUE-59: xml security algorithm URIs are not defined in consistent location leading to confusion
consistent single location to define c14n URIs
- State:
- CLOSED
- Product:
- Errata-C14N
- Raised by:
- Frederick Hirsch
- Opened on:
- 2008-10-07
- Description:
- Title: Canonicalization URIs are not defined in consistent location leading to confusion
Description:
URIs for canonicalization algorithms are not defined in consistent and clear locations. As a result, it is possible for adopters to use an incorrect URI, finding only some, but not all, definitions.
URIs are currently defined as follows:
(a) The XML Signature Recommendation (both first and second edition) defines URIs for inclusive canonicalization:
Identifier for REQUIRED Canonical XML 1.0 (omits comments):
http://www.w3.org/TR/2001/REC-xml-c14n-20010315
Identifier for Canonical XML 1.0 with Comments:
http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
and in second edition also:
Identifier for REQUIRED Canonical XML 1.1 (omits comments):
http://www.w3.org/2006/12/xml-c14n11
Identifier for Canonical XML 1.1 with Comments:
http://www.w3.org/2006/12/xml-c14n11#WithComments
see
http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-c14nAlg
(b) The Exclusive Canonicalization Recommendation defines the following URIs for exclusive canonicalization in section 4:
http://www.w3.org/2001/10/xml-exc-c14n#
http://www.w3.org/2001/10/xml-exc-c14n#WithComments
See http://www.w3.org/TR/xml-exc-c14n/#sec-Use
(c) RFC 4051 defines a URI for minimal canonicalization (however this may not be adopted):
http://tools.ietf.org/html/rfc4051
The issue is the following:
a. The Canonical XML 1.0 and Canonical XML 1.1 Recommendations do not define the URIs for canonicalization, and more importantly do not indicate where they are defined.
b. The XML Signature Rec and the Canonical XML Recs have no indication of where the URI for exclusive canonicalization is defined.
c. The RFC is not well known.
Proposal:
We define a new REC that defines all the Canonicalization URIs, and update both Canonicalization 1.1, Exclusive Canonicalization and XML Signature to reference this document explicitly, noting that the URIs are defined in that document, in particular in the sections that used to define the URIs.
Remove URI definitions for canonicalization from the XML Signature and Canonicalization Recs.
- Related Actions Items:
- No related actions
- Related emails:
- ISSUE-59 (consistent single location to define c14n URIs): Canonicalization URIs are not defined in consistent location leading to confusion [Errata-C14N] (from sysbot+tracker@w3.org on 2008-10-07)
Related notes:
all URIs for XML security
Frederick Hirsch, 20 Oct 2008, 15:43:55
Addressed by algorithm cross-reference.
Thomas Roessler, 6 Apr 2009, 13:44:57