Donald Eastlake has announced the initial Working Draft of Exclusive XML Canonicalization, a canonicalization method built on XML Canonicalization that reduces the sensitivity of canonicalized XML fragments to context changes, a feature needed to sign subdocuments.
While XML Canonicalization does a good job, when applied to XML fragments, of including all inherited information (such as attributes in the XML namespace and namespace declarations), it can sometimes include information that the fragment does not need (such as unused namespace declarations), creating a risk that the fragment will be erroneously detected as different when moved to another context:
Canonical XML [XML-C14N]
recommends a standard means of serializing XML that, when applied to a
subdocument, includes its namespace and some other XML context. However, for
many applications, it is desirable to have a method which, to the extent practical,
excludes such context. In particular, where a digital signature over an XML
subdocument is needed which will not break when that subdocument is removed
from its original document and/or inserted into a different document. The
Exclusive XML Canonicalization method described herein provides such a method.
A common issue with trying to minimize or rewrite namespace prefixes is that some XML applications use QNames in node values, making it impossible to determine whether a prefix is in use without prior knowledge of the vocabulary being manipulated.
As a workaround, Exclusive XML Canonicalization provides a parameter named UnsuppressedNamespacePrefixList that can be passed to the canonicalization process to list the prefixes that must not be suppressed.
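A simplified illustration of both points (an added example, not code from the announcement or the Working Draft): it serializes only elements, attributes and text, and the function names, the `unsuppressed` argument standing in for UnsuppressedNamespacePrefixList, and the sample documents are all constructed here.

```python
from xml.dom import minidom
from xml.sax.saxutils import escape

def is_nsdecl(a):
    return a.name == "xmlns" or a.name.startswith("xmlns:")

def in_scope(node):
    """Prefix -> URI bindings in scope at node (nearest declaration wins)."""
    ns = {}
    while node is not None and node.nodeType == node.ELEMENT_NODE:
        for a in node.attributes.values():
            if is_nsdecl(a):
                ns.setdefault(a.name.partition(":")[2], a.value)
        node = node.parentNode
    return ns

def serialize(el, exclusive, unsuppressed=(), rendered=None):
    rendered = dict(rendered or {})   # declarations already output by ancestors
    scope = in_scope(el)
    plain = [a for a in el.attributes.values() if not is_nsdecl(a)]
    if exclusive:
        # Keep only prefixes visibly used by the element or its attribute names,
        # plus any prefix the caller listed as not suppressible.
        used = {el.prefix or ""} | {a.prefix for a in plain if a.prefix}
        scope = {p: u for p, u in scope.items() if p in used | set(unsuppressed)}
    out = "<" + el.tagName
    for p in sorted(scope):
        if rendered.get(p, "") != scope[p]:
            out += ' xmlns%s="%s"' % (":" + p if p else "", escape(scope[p], {'"': "&quot;"}))
            rendered[p] = scope[p]
    for a in sorted(plain, key=lambda a: (a.namespaceURI or "", a.localName)):
        out += ' %s="%s"' % (a.name, escape(a.value, {'"': "&quot;"}))
    out += ">"
    for c in el.childNodes:
        if c.nodeType == c.ELEMENT_NODE:
            out += serialize(c, exclusive, unsuppressed, rendered)
        elif c.nodeType == c.TEXT_NODE:
            out += escape(c.data)
    return out + "</" + el.tagName + ">"

def canon(doc, **kw):
    """Serialize the pay:Order fragment of doc; a signature digest covers these bytes."""
    return serialize(minidom.parseString(doc).getElementsByTagName("pay:Order")[0], **kw)

# Constructed sample: one fragment in two wrappers; "t:retail" is a QName in a value.
BODY = '<pay:Order kind="t:retail"><pay:Amount>10</pay:Amount></pay:Order>'
NS = 'xmlns:pay="urn:example:pay" xmlns:t="urn:example:types"'
DOC_A = '<e:Env xmlns:e="urn:example:env" xmlns:log="urn:example:log" %s>%s</e:Env>' % (NS, BODY)
DOC_B = '<a:Archive xmlns:a="urn:example:archive" %s>%s</a:Archive>' % (NS, BODY)

if __name__ == "__main__":
    print(canon(DOC_A, exclusive=False) == canon(DOC_B, exclusive=False))  # False
    print(canon(DOC_A, exclusive=True) == canon(DOC_B, exclusive=True))    # True
```

In exclusive mode the `t` declaration disappears because the prefix appears only inside an attribute value; passing `unsuppressed=["t"]` keeps it in the output.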