Re: [xml] Re: Attributes without knowing name

From: Rich Salz <rsalz datapower com>
To: "petrovic corp earthlink net" <petrovic corp earthlink net>
Cc: "xml gnome org" <xml gnome org>
Subject: Re: [xml] Re: Attributes without knowing name
Date: Sat, 11 Jan 2003 13:24:25 -0500 (EST)

When signing, the string that is signed must be identical to the one
which is checked at some later time. The problem with this and XML
is that attribute order isn't important, and libxml and Xerces orders
them diffrently, so I need to sort them. The signer must be general,
so it shouldn't need to know the names of the attributes in the
given element.


If you are doing digital signatures of XML data, you should look at
the IETF/W3C standard for XML Digital signatures.  The process of
ordering attributes like you describe is called canonicalization (c14n);
there are also IETF/W3C standard for XML c14n.

Even better: there is a free library C/C++ (xmlsec) built on top of
xmllib and openssl that implements XML DSIG; it also has XML C14N,
which was donated to xmllib.

You can find all the other URL's of interest here:
   http://www.aleksey.com/xmlsec/

        /r$

References:
- [xml] Re: Attributes without knowing name
  - From: petrovic

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]