xml-xmlbeans-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Berin Lautenbach <be...@wingsofhermes.org>
Subject Re: xmlbeans xml security
Date Fri, 02 Jul 2004 23:04:24 GMT
Eric,

The spec was written before Schema was really out there and therefore 
default attribute handling only referenced DTDs.  And you are correct - 
any default attributes must be represented explicitly in the canonical 
form.  My understanding is that is true whether they come from a schema 
or a DTD.  Given the intent of c14n, that makes sense - it's supposed to 
give you the input to a digest algorithm algorithm, where the digest is 
changed if anything about the document changes.

I've implemented C14n for the C++ xml-security version, and the Java 
variant has just gone through some significant reviews for performance 
reasons.  Given the recent work, there may be some input that we can 
provide from the xml-security project.

Cheers,
	Berin

Eric Vasilik wrote:

> Are you saying that c14n says that the canonicalized form for a document
> must include defaulted attributes that were specified by an XmlSchema?
> That is to say, if an element does not have attribute x, but the
> XmlSchema it is bound has a default attribute value for x, the canonical
> form must include that attribute?  The spec seems to suggest that the
> default attrs specified in a DTD must be included, but, that's a parsing
> issue for XmlBeans, and is irrelevant when producing the canonical form
> for a loaded document in Xmlbeans.
> 
> Right now, the saver does is not influenced by the schema associated
> with the instance being saved.
> 
> - Eric
> 
> -----Original Message-----
> From: David Waite [mailto:mass@akuma.org] 
> Sent: Thursday, July 01, 2004 2:48 PM
> To: xmlbeans-dev@xml.apache.org
> Subject: Re: xmlbeans xml security
> 
> 
> On Jul 1, 2004, at 3:30 PM, Noah Campbell wrote:
> 
> 
>>I'll assume that BEA's impl is not available for general consumption.
> 
> 
> I dunno what BEA's impl looks like :)
> 
> 
>>In regards to the current xmlstore, aren't the namespace names
>>synthetic anyway?  I mean, you don't need to rely on the name except
>>for its ability to link an element, etc to a namespace.  If someone is
>>passing information through the namespace name then this might be
>>considered a potential leak if full infoset is preserved.  This is
>>probably contrieved and sorta silly but it is still something to
>>consider.
> 
> 
> In normal XML, sure. When you start canonicalizing xml, namespace 
> prefixes matter, because qname types require schema awareness on some 
> level to identify. If your canonicalized form allowed arbitrary 
> prefixes to be chosen, someone could conceivably change the meaning of 
> a document by putting a qname value in a different namespace.
> 
> The only real awareness of a schema or dtd used by canonicalization is 
> expansion of attribute default types. I believe all the 'secure' 
> messages (ws-security, saml) avoid default namespaces so they don't 
> encounter this really ugly side-effect.
> 
> The issue is that when you parse in xml, it uses a qname and stores the 
> namespace URI and the local name, but not the prefix. If you get a 
> signed document in which declares a namespace both with a prefix and as 
> the default namespace (perfectly valid) this breakage of infoset 
> fidelity will cause the canonical form to differ where the saver chose 
> a different namespace than was originally used, thus you will get a 
> different hash out, and have very little idea what happened.
> 
> 
>>(a silly side channel attack for example)
>>
>><element xmlns:thePassphraseIsCheese="http://t.l.d/secureMessage">
>>      <thePassphraseIsCheese:passphraseProtectedElement>
>>               09832jkfadilafj#$@#rkfdali9fdalksdjf93aldkfja093ajfd
>><thePassphraseIsCheese:passphraseProtectedElement>
>></element>
>>
> 
> Yes, fire the developer who did this ;-)
> 
> The issue is that the W3C allowed content to become dependent on 
> namespaces, as if namespaces weren't tricky enough as is. XPath 
> expressions and QName values in attributes and text nodes makes the 
> namespaces important, as a transformation that changes the namespaces 
> now needs to understand the context of the document which they are 
> placed on. So while you could make a filter which replaced the prefix 
> above with 'x0', it would need to know the schema, and would have to 
> filter _after_ canonicalization and any validation associated (such as 
> xml-dsig)
> 
> -David Waite
> 
> 
> - ---------------------------------------------------------------------
> To unsubscribe, e-mail:   xmlbeans-dev-unsubscribe@xml.apache.org
> For additional commands, e-mail: xmlbeans-dev-help@xml.apache.org
> Apache XMLBeans Project -- URL: http://xml.apache.org/xmlbeans/
> 
> 
> - ---------------------------------------------------------------------
> To unsubscribe, e-mail:   xmlbeans-dev-unsubscribe@xml.apache.org
> For additional commands, e-mail: xmlbeans-dev-help@xml.apache.org
> Apache XMLBeans Project -- URL: http://xml.apache.org/xmlbeans/
> 
> 
> 

- ---------------------------------------------------------------------
To unsubscribe, e-mail:   xmlbeans-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: xmlbeans-dev-help@xml.apache.org
Apache XMLBeans Project -- URL: http://xml.apache.org/xmlbeans/


Mime
View raw message