draft-ietf-xmldsig-canonical-00.txt   draft-ietf-xmldsig-canonical-01.txt 
INTERNET-DRAFT Canonical XML INTERNET-DRAFT Canonical XML
Expires May 2001 November 2000 Expires July 2001 January 2001
Canonical XML Canonical XML
Version 1.0 Version 1.0
<draft-ietf-xmldsig-canonical-00.txt> <draft-ietf-xmldsig-canonical-01.txt>
John Boyer John Boyer
Status of This Document Status of This Document
This document is a product of the joint IETF/W3C XMLDSIG working This document is a product of the joint IETF/W3C XMLDSIG working
group. It is intended to become an Informational RFC version of the group. It is intended to become an Informational RFC version of the
W3C Candidate Recommendation of the same name W3C Proposed Recommendation of the same name
<http://www.w3.org/TR/2000/CR-xml-c14n-20001026>. Distribution of <http://www.w3.org/TR/2000/PR-xml-c14n-20010119>. Distribution of
this document is unlimited. Comments should be sent to the XMLDSIG WG this document is unlimited. Comments should be sent to the XMLDSIG WG
mailing list <w3c-ietf-xmldsig@w3.org> or to the author. mailing list <w3c-ietf-xmldsig@w3.org> or to the author.
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC 2026. Internet-Drafts are all provisions of Section 10 of RFC 2026. Internet-Drafts are
working documents of the Internet Engineering Task Force (IETF), its working documents of the Internet Engineering Task Force (IETF), its
areas, and its working groups. Note that other groups may also areas, and its working groups. Note that other groups may also
distribute working documents as Internet-Drafts. distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
skipping to change at page 4, line 8 skipping to change at page 4, line 8
Subsets...............................................25 Subsets...............................................25
4.8 Sorting Attributes by Namespace URI...................26 4.8 Sorting Attributes by Namespace URI...................26
References................................................26 References................................................26
Author's Address..........................................28 Author's Address..........................................28
Expiration and File Name..................................28 Expiration and File Name..................................28
1. Introduction 1. Introduction
The XML 1.0 Recommendation [XML] specifies the syntax of a class of The XML 1.0 Recommendation [XML] specifies the syntax of a class of
resources called XML documents. The XML Namespaces Recommendation resources called XML documents. The Namespaces in XML Recommendation
[Names] specifies additional syntax and semantics for XML documents. [Names] specifies additional syntax and semantics for XML documents.
It is possible for XML documents which are equivalent for the It is possible for XML documents which are equivalent for the
purposes of many applications to differ in physical representation. purposes of many applications to differ in physical representation.
For example, they may differ in their entity structure, attribute For example, they may differ in their entity structure, attribute
ordering, and character encoding. It is the goal of this ordering, and character encoding. It is the goal of this
specification to establish a method for determining whether two specification to establish a method for determining whether two
documents are identical, or whether an application has not changed a documents are identical, or whether an application has not changed a
document, except for transformations permitted by XML 1.0 and document, except for transformations permitted by XML 1.0 and
Namespaces. Namespaces.
skipping to change at page 4, line 43 skipping to change at page 4, line 43
* The document is encoded in UTF-8 * The document is encoded in UTF-8
* Line breaks normalized to #xA on input, before parsing * Line breaks normalized to #xA on input, before parsing
* Attribute values are normalized, as if by a validating processor * Attribute values are normalized, as if by a validating processor
* Character and parsed entity references are replaced * Character and parsed entity references are replaced
* CDATA sections are replaced with their character content * CDATA sections are replaced with their character content
* The XML declaration and document type declaration (DTD) are * The XML declaration and document type declaration (DTD) are
removed removed
* Empty elements are converted to start-end tag pairs * Empty elements are converted to start-end tag pairs
* Whitespace outside of the document element and within start and * Whitespace outside of the document element and within start and
end tags are normalized end tags is normalized
* All whitespace in character content is retained (excluding * All whitespace in character content is retained (excluding
characters removed during linefeed normalization) characters removed during linefeed normalization)
* Attribute value delimiters are set to double quotes * Attribute value delimiters are set to quotation marks (double
quotes)
* Special characters in attribute values and character content are * Special characters in attribute values and character content are
replaced by character references replaced by character references
* Superfluous namespace declarations are removed from each element * Superfluous namespace declarations are removed from each element
* Default attributes are added to each element * Default attributes are added to each element
* Lexicographic order is imposed on the namespace declarations and * Lexicographic order is imposed on the namespace declarations and
attributes of each element attributes of each element
The term canonical XML refers to XML that is in canonical form. The The term canonical XML refers to XML that is in canonical form. The
XML canonicalization method is the algorithm defined by this XML canonicalization method is the algorithm defined by this
specification that generates the canonical form of a given XML specification that generates the canonical form of a given XML
document or document subset. The term XML canonicalization refers to document or document subset. The term XML canonicalization refers to
skipping to change at page 6, line 25 skipping to change at page 6, line 25
whitespace and equivalent data (e.g. <color>black</color> versus whitespace and equivalent data (e.g. <color>black</color> versus
<color>rgb(0,0,0)</color>). There are also equivalencies established <color>rgb(0,0,0)</color>). There are also equivalencies established
by other W3C Recommendations and Working Drafts. Accounting for by other W3C Recommendations and Working Drafts. Accounting for
these additional equivalence rules is beyond the scope of this work. these additional equivalence rules is beyond the scope of this work.
They can be applied by the application or become the subject of They can be applied by the application or become the subject of
future specifications. future specifications.
The canonical form of an XML document may not be completely The canonical form of an XML document may not be completely
operational within the application context, though the circumstances operational within the application context, though the circumstances
under which this occurs are unusual. This problem may be of concern under which this occurs are unusual. This problem may be of concern
in certain applications since a canonical form and its canonical form in certain applications since the canonical form of a document and the
are equivalent. For example, in a digital signature application, the canonical form of the canonical form of the document are equivalent.
canonical form can be substituted for the original document without For example, in a digital signature application, the canonical form
changing the digest calculation. However, the security risk only can be substituted for the original document without changing the
occurs in the unusual circumstances described below, which can all be digest calculation. However, the security risk only occurs in the
resolved or at least detected prior to digital signature generation. unusual circumstances described below, which can all be resolved or
at least detected prior to digital signature generation.
The difficulties arise due to the loss of the following information The difficulties arise due to the loss of the following information
not available in the data model: not available in the data model:
1. base URI, especially in content derived from the replacement 1. base URI, especially in content derived from the replacement
text of external general parsed entity references text of external general parsed entity references
2. notations and external unparsed entity references 2. notations and external unparsed entity references
3. attribute types in the document type declaration 3. attribute types in the document type declaration
In the first case, note that a document containing a relative URI In the first case, note that a document containing a relative URI
skipping to change at page 7, line 39 skipping to change at page 7, line 40
type declaration is prepended prior to using the canonical form in type declaration is prepended prior to using the canonical form in
further XML processing. This is likely to be an easy task since further XML processing. This is likely to be an easy task since
attribute lists are usually acquired from a standard external DTD attribute lists are usually acquired from a standard external DTD
subset, and any entity and notation declarations not also in the subset, and any entity and notation declarations not also in the
external DTD subset are typically constructed from application external DTD subset are typically constructed from application
configuration information and added to the internal DTD subset. configuration information and added to the internal DTD subset.
While these limitations are not severe, it would be possible to While these limitations are not severe, it would be possible to
resolve them in a future version of XML canonicalization if, for resolve them in a future version of XML canonicalization if, for
example, a new version of XPath were created based on the XML example, a new version of XPath were created based on the XML
Information Set [InfoSet] currently under development at the W3C. Information Set [Infoset] currently under development at the W3C.
2. XML Canonicalization 2. XML Canonicalization
2.1 Data Model 2.1 Data Model
The data model defined in the XPath 1.0 Recommendation [XPath] is The data model defined in the XPath 1.0 Recommendation [XPath] is
used to represent the input XML document or document subset. used to represent the input XML document or document subset.
Implementations SHOULD but need not be based on an XPath Implementations SHOULD but need not be based on an XPath
implementation. XML canonicalization is defined in terms of the XPath implementation. XML canonicalization is defined in terms of the XPath
definition of a node-set, and implementations MUST produce equivalent definition of a node-set, and implementations MUST produce equivalent
skipping to change at page 10, line 8 skipping to change at page 10, line 8
canonicalization MUST NOT be implemented with an XML parser canonicalization MUST NOT be implemented with an XML parser
that converts relative URIs to absolute URIs. that converts relative URIs to absolute URIs.
Character content is represented in the XPath data model with text Character content is represented in the XPath data model with text
nodes. All consecutive characters are placed into a single text nodes. All consecutive characters are placed into a single text
node. Furthermore, the text node's characters are represented in the node. Furthermore, the text node's characters are represented in the
UCS character domain. The XML canonicalization method does not UCS character domain. The XML canonicalization method does not
perform character model normalization (see explanation in Section 4). perform character model normalization (see explanation in Section 4).
However, the XML processor used to prepare the XPath data model input However, the XML processor used to prepare the XPath data model input
is REQUIRED to use Normalization Form C [NFC] when converting an XML is REQUIRED to use Normalization Form C [NFC] when converting an XML
document to the UCS character domain from a non-Unicode encoding. document to the UCS character domain from any encoding that is not
UCS-based (currently, UCS-based encodings include UTF-8, UTF-16,
UTF-16BE, and UTF-16LE, UCS-2, and UCS-4).
Since XML canonicalization converts an XPath node-set into a Since XML canonicalization converts an XPath node-set into a
canonical form, the first parameter MUST either be an XPath node-set canonical form, the first parameter MUST either be an XPath node-set
or it must be converted from an octet stream to a node-set by or it must be converted from an octet stream to a node-set by
performing the XML processing necessary to create the XPath nodes performing the XML processing necessary to create the XPath nodes
described above, then setting an initial XPath evaluation context of: described above, then setting an initial XPath evaluation context of:
* A context node, initialized to the root node of the input XML * A context node, initialized to the root node of the input XML
document. document.
* A context position, initialized to 1. * A context position, initialized to 1.
skipping to change at page 12, line 41 skipping to change at page 12, line 41
bracket (>), the result of processing the child nodes of the bracket (>), the result of processing the child nodes of the
element that are in the node-set (in document order), an open element that are in the node-set (in document order), an open
angle bracket, a forward slash (/), the element QName, and a angle bracket, a forward slash (/), the element QName, and a
close angle bracket. close angle bracket.
* *
o Namespace Axis- Consider a list L containing only namespace o Namespace Axis- Consider a list L containing only namespace
nodes in the axis and in the node-set in lexicographic order nodes in the axis and in the node-set in lexicographic order
(ascending). To begin processing L, if the first node is not (ascending). To begin processing L, if the first node is not
the default namespace node (a node with no namespace URI and the default namespace node (a node with no namespace URI and
no local name), then generate a space followed by xmlns=3D"" no local name), then generate a space followed by xmlns=""
if and only if the following conditions are met: if and only if the following conditions are met:
+ the element E that owns the axis is in the node-set + the element E that owns the axis is in the node-set
+ The nearest ancestor element of E in the node-set has a + The nearest ancestor element of E in the node-set has a
default namespace node in the node-set (default namespace default namespace node in the node-set (default namespace
nodes always have non-empty values in XPath) nodes always have non-empty values in XPath)
The latter condition eliminates unnecessary occurrences of The latter condition eliminates unnecessary occurrences of
xmlns="" in the canonical form since an element only receives xmlns="" in the canonical form since an element only receives
an xmlns="" if its default namespace is empty and if it has an xmlns="" if its default namespace is empty and if it has
skipping to change at page 13, line 21 skipping to change at page 13, line 21
* Namespace Nodes- A namespace node N is ignored if the nearest * Namespace Nodes- A namespace node N is ignored if the nearest
ancestor element of the node's parent element that is in the ancestor element of the node's parent element that is in the
node-set has a namespace node in the node-set with the same node-set has a namespace node in the node-set with the same
local name and value as N. Otherwise, process the namespace node local name and value as N. Otherwise, process the namespace node
N in the same way as an attribute node, except assign the local N in the same way as an attribute node, except assign the local
name xmlns to the default namespace node if it exists (in XPath, name xmlns to the default namespace node if it exists (in XPath,
the default namespace node has an empty URI and local name). the default namespace node has an empty URI and local name).
* Attribute Nodes- a space, the node's QName, an equals sign, an * Attribute Nodes- a space, the node's QName, an equals sign, an
open double quote, the modified string value, and a close double open quotation mark (double quote), the modified string value,
quote. The string value of the node is modified by replacing and a close quotation mark (double quote). The string value of
all ampersands (&) with &amp;, all open angle brackets (<) with the node is modified by replacing all ampersands (&) with &amp;,
&lt;, all double quote characters with &quot;, and the all open angle brackets (<) with &lt;, all quotation mark (double
whitespace characters #x9, #xA, and #xD, with character quote) characters with &quot;, and the whitespace characters #x9,
references. The character references are written in uppercase #xA, and #xD, with character references. The character references
hexadecimal with no leading zeroes (for example, #xD is are written in uppercase hexadecimal with no leading zeroes (for
represented by the character reference &#xD;). example, #xD is represented by the character reference &#xD;).
* Text Nodes- the string value, except all ampersands are replaced * Text Nodes- the string value, except all ampersands are replaced
by &amp;, all open angle brackets (<) are replaced by &lt;, all by &amp;, all open angle brackets (<) are replaced by &lt;, all
closing angle brackets (>) are replaced by &gt;, and all #xD closing angle brackets (>) are replaced by &gt;, and all #xD
characters are replaced by &#xD;. characters are replaced by &#xD;.
* Processing Instruction (PI) Nodes- The opening PI symbol (<?, * Processing Instruction (PI) Nodes- The opening PI symbol (<?),
the PI target name of the node, a leading space and the string the PI target name of the node, a leading space and the string
value if it is not empty, and the closing PI symbol (?>). If the value if it is not empty, and the closing PI symbol (?>). If the
string value is empty, then the leading space is not added. string value is empty, then the leading space is not added.
Also, a trailing #xA is rendered after the closing PI symbol for Also, a trailing #xA is rendered after the closing PI symbol for
PI children of the root node with a lesser document order than PI children of the root node with a lesser document order than
the document element, and a leading #xA is rendered before the the document element, and a leading #xA is rendered before the
opening PI symbol of PI children of the root node with a greater opening PI symbol of PI children of the root node with a greater
document order than the document element. document order than the document element.
* Comment Nodes- Nothing if generating canonical XML without * Comment Nodes- Nothing if generating canonical XML without
skipping to change at page 14, line 27 skipping to change at page 14, line 27
generated by default, which can be a proper subset of the document if generated by default, which can be a proper subset of the document if
the comments are omitted). Implementations of XML canonicalization the comments are omitted). Implementations of XML canonicalization
that are based on XPath can provide this functionality with little that are based on XPath can provide this functionality with little
additional overhead by accepting a node-set as input rather than an additional overhead by accepting a node-set as input rather than an
octet stream. octet stream.
The processing of an element node E MUST be modified slightly when an The processing of an element node E MUST be modified slightly when an
XPath node-set is given as input and the element's parent is omitted XPath node-set is given as input and the element's parent is omitted
from the node-set. The method for processing the attribute axis of an from the node-set. The method for processing the attribute axis of an
element E in the node-set is enhanced. All element nodes along E's element E in the node-set is enhanced. All element nodes along E's
ancestor axis are examined for nearest occurences of attributes in ancestor axis are examined for nearest occurrences of attributes in
the xml namespace, such as xml:lang and xml:space (whether or not the xml namespace, such as xml:lang and xml:space (whether or not
they are in the node-set). From this list of attributes, remove any they are in the node-set). From this list of attributes, remove any
that are in E's attribute axis (whether or not they are in the node- that are in E's attribute axis (whether or not they are in the node-
set). Then, lexicographically merge this attribute list with the set). Then, lexicographically merge this attribute list with the
nodes of E's attribute axis that are in the node-set. The result of nodes of E's attribute axis that are in the node-set. The result of
visiting the attribute axis is computed by processing the attribute visiting the attribute axis is computed by processing the attribute
nodes in this merged attribute list. nodes in this merged attribute list.
Note: XML entities can derive application-specific meaning from Note: XML entities can derive application-specific meaning from
anywhere in the XML markup as well as by rules not expressed in anywhere in the XML markup as well as by rules not expressed in
skipping to change at page 18, line 13 skipping to change at page 18, line 13
</doc> </doc>
Canonical Form Canonical Form
-------------- --------------
<doc> <doc>
<e1></e1> <e1></e1>
<e2></e2> <e2></e2>
<e3 id="elem3" name="elem3"></e3> <e3 id="elem3" name="elem3"></e3>
<e4 id="elem4" name="elem4"></e4> <e4 id="elem4" name="elem4"></e4>
<e5 xmlns="http://www.uvic.ca" xmlns:a="http://www.w3.org" <e5 xmlns="http://www.uvic.ca" xmlns:a="http://www.w3.org"
xmlns:b="http://www.ietf.org" attr="I'm" attr2="all" b:attr="sorted" xmlns:b="http://www.ietf.org" attr="I'm" attr2="all"
a:attr="out"></e5> b:attr="sorted" a:attr="out"></e5>
<e6 xmlns:a="http://www.w3.org"> <e6 xmlns:a="http://www.w3.org">
<e7 xmlns="http://www.ietf.org"> <e7 xmlns="http://www.ietf.org">
<e8 xmlns=""> <e8 xmlns="">
<e9 xmlns:a="http://www.ietf.org" attr="default"></e9> <e9 xmlns:a="http://www.ietf.org" attr="default"></e9>
</e8> </e8>
</e7> </e7>
</e6> </e6>
</doc> </doc>
Demonstrates: Demonstrates:
skipping to change at page 19, line 42 skipping to change at page 19, line 42
?&quot; ?&quot;
valid&quot;:&quot;error&quot;">valid</compute> valid&quot;:&quot;error&quot;">valid</compute>
<norm attr=" ' &#xD;&#xA;&#x9; ' "></norm> <norm attr=" ' &#xD;&#xA;&#x9; ' "></norm>
<normNames attr="A &#xD;&#xA;&#x9; B"></normNames> <normNames attr="A &#xD;&#xA;&#x9; B"></normNames>
<normId id="' &#xD;&#xA;&#x9; '"></normId> <normId id="' &#xD;&#xA;&#x9; '"></normId>
</doc> </doc>
Demonstrates: Demonstrates:
* Character reference replacement * Character reference replacement
* Attribute value delimiters set to double quotes * Attribute value delimiters set to quotation marks (double
quotes)
* Attribute value normalization * Attribute value normalization
* CDATA section replacement * CDATA section replacement
* Encoding of special characters as character references in * Encoding of special characters as character references in
attribute values (&amp;, &lt;, &quot;, &#xD;, &#xA;, &#x9;) attribute values (&amp;, &lt;, &quot;, &#xD;, &#xA;, &#x9;)
* Encoding of special characters as character references in text * Encoding of special characters as character references in text
(&amp;, &lt;, &gt;, &#xD;) (&amp;, &lt;, &gt;, &#xD;)
Note: The last element, normId, is well-formed but violates a Note: The last element, normId, is well-formed but violates a
validity constraint for attributes of type ID. For testing validity constraint for attributes of type ID. For testing
canonical XML implementations based on validating processors, canonical XML implementations based on validating processors,
remove the line containing this element from the input and remove the line containing this element from the input and
canonical form. In general, XML consumers should be discouraged canonical form. In general, XML consumers should be discouraged
from using this feature of XML. from using this feature of XML.
Note: Whitespace characters references other than &#x20; are not Note: Whitespace characters references other than &#x20; are not
affected by attribute value normalization [XML Errata, E70]. affected by attribute value normalization [XML].
Note: In the canonical form, the value of the attribute named attr in Note: In the canonical form, the value of the attribute named attr in
the element norm begins with a space, a single quote, then four the element norm begins with a space, a single quote, then four
spaces before the first character reference. spaces before the first character reference.
Note: The expr attribute of the second compute element contains no Note: The expr attribute of the second compute element contains no
line breaks. line breaks.
3.5 Entity References 3.5 Entity References
skipping to change at page 22, line 32 skipping to change at page 22, line 32
or-self stays the same size under union with the element or-self stays the same size under union with the element
identified by E3). identified by E3).
Note: The canonical form contains no line delimiters. Note: The canonical form contains no line delimiters.
4 Resolutions 4 Resolutions
This section discusses a number of key decision points as well as a This section discusses a number of key decision points as well as a
rationale for each decision. Although this specification now defines rationale for each decision. Although this specification now defines
XML canonicalization in terms of the XPath data model rather than XML XML canonicalization in terms of the XPath data model rather than XML
InfoSet, the canonical form described in this document is quite Infoset, the canonical form described in this document is quite
similar in most respects to the canonical form described in the similar in most respects to the canonical form described in the
January 2000 Canonical XML draft [C14N-20000119]. However, some January 2000 Canonical XML draft [C14N-20000119]. However, some
differences exist, and a number of the subsections discuss the differences exist, and a number of the subsections discuss the
changes. changes.
4.1 No XML Declaration 4.1 No XML Declaration
The XML declaration, including version number and character encoding The XML declaration, including version number and character encoding
is omitted from the canonical form. The encoding is not needed since is omitted from the canonical form. The encoding is not needed since
the canonical form is encoded in UTF-8. The version is not needed the canonical form is encoded in UTF-8. The version is not needed
since the absence of a version number unambiguously indicates XML since the absence of a version number unambiguously indicates XML
1.0. 1.0.
Future versions of XML will be required to include an XML declaration Future versions of XML will be required to include an XML declaration
to indicate the version number. However, canonicalization method to indicate the version number. However, canonicalization method
described in this specification may not be applicable to future described in this specification may not be applicable to future
versions of XML without some modifications. When canonicalization of versions of XML without some modifications. When canonicalization of
a new version of XML is required, this specification could be updated a new version of XML is required, this specification could be updated
to include the XML declaration as presumably the absence of the XML to include the XML declaration as presumably the absence of the XML
declaration from the XPath data model can be remedied by that time declaration from the XPath data model can be remedied by that time
(e.g. by reissuing a new XPath based on the InfoSet data model). (e.g. by reissuing a new XPath based on the Infoset data model).
4.2 No Character Model Normalization 4.2 No Character Model Normalization
The Unicode standard [Unicode] allows multiple different The Unicode standard [Unicode] allows multiple different
representations of certain "precomposed characters" (a simple example representations of certain "precomposed characters" (a simple example
is +U00E7, "LATIN SMALL LETTER C WITH CEDILLA"). Thus two XML is +U00E7, "LATIN SMALL LETTER C WITH CEDILLA"). Thus two XML
documents with content that is equivalent for the purposes of most documents with content that is equivalent for the purposes of most
applications may contain differing character sequences. The W3C is applications may contain differing character sequences. The W3C is
preparing a normalized representation [CharModel]. The C14N-20000119 preparing a normalized representation [CharModel]. The C14N-20000119
Canonical XML draft used this normalized form. However, many XML 1.0 Canonical XML draft used this normalized form. However, many XML 1.0
processors do not perform this normalization. Furthermore, processors do not perform this normalization. Furthermore,
applications that must solve this problem typically enforce character applications that must solve this problem typically enforce character
model normalization at all times starting when character content is model normalization at all times starting when character content is
created in order to avoid processing failures that could otherwise created in order to avoid processing failures that could otherwise
result (e.g. see example from Cowan). Therefore, character model result (e.g. see example from Cowan). Therefore, character model
normalization has been moved out of scope for XML canonicalization. normalization has been moved out of scope for XML canonicalization.
However, the XML processor used to prepare the XPath data model input However, the XML processor used to prepare the XPath data model input
is required (by the Data Model) to use Normalization Form C [NFC] is required (by the Data Model) to use Normalization Form C [NFC]
when converting an XML document to the UCS character domain from a when converting an XML document to the UCS character domain from any
non-Unicode encoding. encoding that is not UCS-based (currently, UCS-based encodings include
UTF-8, UTF-16, UTF-16BE, and UTF-16LE, UCS-2, and UCS-4).
4.3 Handling of Whitespace Outside Document Element 4.3 Handling of Whitespace Outside Document Element
The C14N-20000119 Canonical XML draft placed a #xA after each PI The C14N-20000119 Canonical XML draft placed a #xA after each PI
outside of the document element as well as a #xA after the end tag of outside of the document element as well as a #xA after the end tag of
the document element. The method in this specification performs the the document element. The method in this specification performs the
same function except for omitting the final #xA after the last PI (or same function except for omitting the final #xA after the last PI (or
comment or end tag of the document element). This technique ensures comment or end tag of the document element). This technique ensures
that PI (and comment) children of the root are separated from markup that PI (and comment) children of the root are separated from markup
by a linefeed even if root node or the document element are omitted by a linefeed even if root node or the document element are omitted
skipping to change at page 24, line 15 skipping to change at page 24, line 15
namespace prefixes would damage such a document by changing its namespace prefixes would damage such a document by changing its
meaning (and it cannot be logically equivalent if its meaning has meaning (and it cannot be logically equivalent if its meaning has
changed). changed).
More formally, let D1 be a document containing an XPath in an More formally, let D1 be a document containing an XPath in an
attribute value or element content that refers to namespace prefixes attribute value or element content that refers to namespace prefixes
used in D1. Further assume that the namespace prefixes in D1 will used in D1. Further assume that the namespace prefixes in D1 will
all be rewritten by the canonicalization method. Let D23D D1, then all be rewritten by the canonicalization method. Let D23D D1, then
modify the namespace prefixes in D2 and modify the XPath expression's modify the namespace prefixes in D2 and modify the XPath expression's
references to namespace prefixes such that D2 and D1 remain logically references to namespace prefixes such that D2 and D1 remain logically
equivalent. Since namespace rewriting does not include occurences of equivalent. Since namespace rewriting does not include occurrences of
namespace references in attribute values and element content, the namespace references in attribute values and element content, the
canonical form of D1 does not equal the canonical form of D2 because canonical form of D1 does not equal the canonical form of D2 because
the XPath will be different. Thus, although namespace rewriting the XPath will be different. Thus, although namespace rewriting
normalizes the namespace declarations, the goal eliminating normalizes the namespace declarations, the goal eliminating
dependence on the particular namespace prefixes in the document is dependence on the particular namespace prefixes in the document is
not achieved. not achieved.
Moreover, it is possible to prove that namespace rewriting is Moreover, it is possible to prove that namespace rewriting is
harmful, rather than simply ineffective. Let D1 be a document harmful, rather than simply ineffective. Let D1 be a document
containing an XPath in an attribute value or element content that containing an XPath in an attribute value or element content that
skipping to change at page 25, line 13 skipping to change at page 25, line 13
namespace prefix rewriting scheme, which this specification namespace prefix rewriting scheme, which this specification
eliminates. This specification follows the XPath data model of eliminates. This specification follows the XPath data model of
putting all namespace nodes before all attribute nodes. putting all namespace nodes before all attribute nodes.
4.6 Superfluous Namespace Declarations 4.6 Superfluous Namespace Declarations
Unnecessary namespace declarations are not made in the canonical Unnecessary namespace declarations are not made in the canonical
form. Whether for an empty default namespace, a non-empty default form. Whether for an empty default namespace, a non-empty default
namespace, or a namespace prefix binding, the XML canonicalization namespace, or a namespace prefix binding, the XML canonicalization
method omits a declaration if it determines that the immediate parent method omits a declaration if it determines that the immediate parent
element in the canonical form contains an equivalent declaration. The element in the canonical form has an equivalent declaration in scope.
root document element is handled specially since it has no parent The root document element is handled specially since it has no parent
element. All namespace declarations in it are retained, except the element. All namespace declarations in it are retained, except the
declaration of an empty default namespace is automatically omitted. declaration of an empty default namespace is automatically omitted.
Relative to the method of simply rendering the entire namespace Relative to the method of simply rendering the entire namespace
context of each element, implementations are not hindered by more context of each element, implementations are not hindered by more
than a constant factor in processing time and memory use. The than a constant factor in processing time and memory use. The
advantages include: advantages include:
* Eliminates overrun of xmlns="" from canonical forms of * Eliminates overrun of xmlns="" from canonical forms of
applications that may not even use namespaces, or support them applications that may not even use namespaces, or support them
skipping to change at page 26, line 24 skipping to change at page 26, line 24
local name. The effect of the sort is to group together all local name. The effect of the sort is to group together all
attributes that are in the same namespace. attributes that are in the same namespace.
References References
[C14N-20000119] Canonical XML Version 1.0, W3C Working Draft. T. [C14N-20000119] Canonical XML Version 1.0, W3C Working Draft. T.
Bray, J. Clark, J. Tauber, and J. Cowan. January 19, 2000. Bray, J. Clark, J. Tauber, and J. Cowan. January 19, 2000.
http://www.w3.org/TR/2000/WD-xml-c14n-20000119.html. http://www.w3.org/TR/2000/WD-xml-c14n-20000119.html.
[CharModel] Character Model for the World Wide Web, W3C Working [CharModel] Character Model for the World Wide Web, W3C Working
Draft. ed. Martin J. Durst, Francois Yergeau. Draft. eds. Martin J. Durst, Francois Yergeau.
http://www.w3.org/TR/charmod/. http://www.w3.org/TR/charmod/.
[Cowan] Example of Harmful Effect of Character Model Normalization, [Cowan] Example of Harmful Effect of Character Model Normalization,
Letter in XML Signature Working Group Mail Archive. John Cowan, Letter in XML Signature Working Group Mail Archive. John Cowan,
July 7, 2000 http://lists.w3.org/Archives/Public/w3c-ietf- July 7, 2000 http://lists.w3.org/Archives/Public/w3c-ietf-
xmldsig/2000JulSep/0038.html. xmldsig/2000JulSep/0038.html.
[InfoSet] XML Information Set, W3C Working Draft. ed. John Cowan. [Infoset] XML Information Set, W3C Working Draft. ed. John Cowan.
http://www.w3.org/TR/xml-infoset. http://www.w3.org/TR/xml-infoset.
[ISO-8859-1] ISO-8859-1 Latin 1 Character Set. [ISO-8859-1] ISO-8859-1 Latin 1 Character Set.
http://www.utoronto.ca/webdocs/HTMLdocs/NewHTML/iso_table.html or http://www.utoronto.ca/webdocs/HTMLdocs/NewHTML/iso_table.html or
http://www.iso.ch/cate/cat.html. http://www.iso.ch/cate/cat.html.
[Keywords] Key words for use in RFCs to Indicate Requirement Levels, [Keywords] Key words for use in RFCs to Indicate Requirement Levels,
IETF RFC 2119. S. Bradner. March 1997. IETF RFC 2119. S. Bradner. March 1997.
http://www.ietf.org/rfc/rfc2119.txt. http://www.ietf.org/rfc/rfc2119.txt.
skipping to change at page 27, line 22 skipping to change at page 27, line 22
[UTF-8] UTF-8, a transformation format of ISO 10646, IETF RFC 2279. [UTF-8] UTF-8, a transformation format of ISO 10646, IETF RFC 2279.
F. Yergeau. January 1998. http://www.ietf.org/rfc/rfc2279.txt. F. Yergeau. January 1998. http://www.ietf.org/rfc/rfc2279.txt.
[URI] Uniform Resource Identifiers (URI): Generic Syntax, IETF RFC [URI] Uniform Resource Identifiers (URI): Generic Syntax, IETF RFC
2396. T. Berners-Lee, R. Fielding, L. Masinter. August 1998 2396. T. Berners-Lee, R. Fielding, L. Masinter. August 1998
http://www.ietf.org/rfc/rfc2396.txt. http://www.ietf.org/rfc/rfc2396.txt.
[XBase] XML Base ed. Jonathan Marsh. 07 June 2000. [XBase] XML Base ed. Jonathan Marsh. 07 June 2000.
http://www.w3.org/TR/xmlbase/. http://www.w3.org/TR/xmlbase/.
[XML] Extensible Markup Language (XML) 1.0, W3C Recommendation. eds. [XML] Extensible Markup Language (XML) 1.0 (Second Edition), W3C=20
Tim Bray, Jean Paoli, and C. M. Sperberg-McQueen. 10 February Recommendation. eds. Tim Bray, Jean Paoli, C. M. Sperberg-McQueen
1998. http://www.w3.org/TR/REC-xml. and Eve Maler. 6 October 2000. http://www.w3.org/TR/REC-xml.
[XML DSig] XML-Signature Syntax and Processing, Joint IETF/W3C [XML DSig] XML-Signature Syntax and Processing, Joint IETF/W3C
Working Draft. D. Eastlake, J. Reagle, D. Solo, M. Bartel, J. Working Draft. D. Eastlake, J. Reagle, D. Solo, M. Bartel, J.
Boyer, B. Fox, and E. Simon. July 2000. Boyer, B. Fox, and E. Simon. July 2000.
http://www.w3.org/TR/xmldsig-core/. http://www.w3.org/TR/xmldsig-core/.
[XML Errata] Errata in REC-xml-19980210, W3C Document. August 2000.
http://www.w3.org/XML/xml-19980210-errata.
[XML Plenary Decision] W3C XML Plenary Decision on relative URI [XML Plenary Decision] W3C XML Plenary Decision on relative URI
References In namespace declarations, W3C Document. 11 September References In namespace declarations, W3C Document. 11 September
2000. http://lists.w3.org/Archives/Public/xml- 2000. http://lists.w3.org/Archives/Public/xml-
uri/2000Sep/0083.html. uri/2000Sep/0083.html.
[XPath] XML Path Language (XPath) Version 1.0, , W3C Recommendation. [XPath] XML Path Language (XPath) Version 1.0, , W3C Recommendation.
eds. James Clark and Steven DeRose. 16 November 1999. eds. James Clark and Steven DeRose. 16 November 1999.
http://www.w3.org/TR/1999/REC-xpath-19991116. http://www.w3.org/TR/1999/REC-xpath-19991116.
Author's Address Author's Address
John Boyer John Boyer
PureEdge Solutions Inc. PureEdge Solutions Inc.
tel: 1-888-517-2675 tel: 1-888-517-2675
email: jboyer@PureEdge.com email: jboyer@PureEdge.com
Expiration and File Name Expiration and File Name
This draft expires May 2001. This draft expires July 2001.
Its file name is draft-ietf-xmldsig-canon-00.txt. Its file name is draft-ietf-xmldsig-canonical-01.txt.
 End of changes. 27 change blocks. 
46 lines changed or deleted 49 lines changed or added

This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/