Research Paper On Implementation Issues In Xml Ww2 Essay Topics
The following capabilities are particularly useful. However, we have encountered a variety of issues relating to the use of XML Signature and XML Encryption both separately and in combination. While real problems in the field have been rare to date, it is our expectation that as applications begin to take advantage of the capabilities of these specifications and the ones that use them, problems will become more frequent.
Failure to resolve these issues, especially the ones causing spurious validation errors, could lead to abandonment of their use.
Canonical XML has the advantage of retaining all in-scope namespace declarations, thus ensuring all the semantics of the document are integrity protected.
Unfortunately, because signatures constructed using this algorithm are invalidated by the addition or removal of namespace declarations in the surrounding context, it is not suitable for network protocol environments as described above.
Consider signing this with Exclusive Canonicalization, including the foo prefix in the Inclusive Namespaces Prefix List.
Our concerns about Canonicalization Algorithms relate mostly to the handling of namespace declarations, which in fact is the primary difference between the two most commonly implemented Canonicalization Algorithms.
In both cases, foo will be assigned the same value and will be included under the signature, but since it will appear within a different element, the signature value computed will be different.
Exclusive Canonicalization is also subject to the security risk that the namespace declarations will not be included under the signature if the prefix is used with an element or attribute value.
An example would be when a SAML assertion is signed and then carried somewhere in a SOAP message.
However, in the environment described above, problems can arise even when using Exclusive Canonicalization.