Before data is signed, it usually goes through one or more transformation processes. These transformations render the data suitable for signature. For instance, one well-known transformation is base64 decoding, used so that the raw (decoded) form of base64-encoded data is what gets signed. In addition, there are several other transformations important for XML and XML signatures. We will discuss XPath, Canonical XML, and the Decryption Transform for XML Signature in this section.
Canonical XML is applied to SignedInfo through its CanonicalizationMethod element. In addition, each Reference element in SignedInfo can contain transformations that are applied to the referenced data. One or more transformations can be specified for each referenced element. The input to the first transform is the data identified by the URI attribute of the Reference element. Its output becomes the input to the second transform, and so on, until the output of the last transform becomes the input to the message digest algorithm. The verifier repeats exactly this chain on the document it received, so the signature protects only what comes out of the last transform; anything a transform discards on the way is not covered by the signature.
While XML Signature does not mandate the use of these specific transformations, the functionality they provide is needed to ensure that digital signatures function correctly. Even if the application designer does not want to use these specific algorithms, a functional equivalent must be found. We do not encourage the use of alternatives because this limits the interoperability of XML signatures.
XPath/XPointer
It must be possible to selectively sign portions of XML documents. Unlike email or files, where the entire message or file is meant for a specific recipient, an XML document, and especially a SOAP document, can be handled by many recipients. Each may choose to sign or verify only the part of the document that concerns it. This is different from the selective encryption capability of XML Encryption. With XML Encryption, the encrypted data replaces the plaintext data in the XML document and is appropriately identified, so it is obvious which data has been encrypted. With digital signatures, the signed data is neither transformed nor replaced. Instead, an additional structure is created that usually resides elsewhere in the document. A method is needed to identify which elements of the document the signature applies to. XPath is used for this purpose. While XPath can be used for other functions, digital signatures make use of XPath's location paths to identify the signed nodes.
XML Path Language (XPath) Version 1.0 (W3C 1999) is a query language that searches for, locates, and identifies parts of an XML document. It was originally developed for use with Extensible Stylesheet Language Transformations (XSLT). The algorithm identifier for the XPath transform is http://www.w3.org/TR/1999/REC-xpath-19991116. Work is also proceeding on XML-Signature XPath Filter 2.0 (W3C 2002k), a specialized version of XPath, currently in working draft state, tailored for use with digital signatures. The following discussion is based on XPath Version 1.0.
For XPath to work, the XML document must be organized into a tree structure. A SOAP message modeled as such a tree is shown in Figure 4.8. The contents of this tree are close to, but not identical to, the original XML document. We won't go into all the details here, but the tree contains the elements, attributes, comments, namespaces, and processing instructions of the XML document. It also has a root node that is logically above what we normally consider the root of the document. This allows the inclusion of comments that appear before the start of the XML document. However, it does not contain the XML declaration <?xml version="1.0"?>.
Figure 4.8 SOAP message tree.
The location path identifies a node in the tree by specifying directions for getting to the node of interest from a starting node. The location path can be absolute or relative. If it is absolute, the path starts from the root node of the document. If the path is relative, the path starts at another node in the tree, called the context node.
From this point, XPath steps along the tree to identify nodes of interest. Each location step consists of a direction, called an axis, in which to search relative to the context node. Searches may go up the tree from the starting node or down the tree, and particular relationships can be required; for instance, a step can select namespace nodes two generations away. For digital signatures, the descendants of the context node are the only nodes of interest. The location step also includes a node test, which selects candidate nodes by name or by type (element, comment, processing instruction, or text). Finally, operations called predicates filter the selected nodes and narrow them down further. Predicates use relational operators (equal, not equal, greater than, and so on) to test for specific node content. So, in a purchasing application using XPath, we can identify the total value of the PO and the account number for signature but exclude all other portions of a SOAP purchase order document body. The results of one location step can be the input to another step, thus becoming the context for the next step.
XPointer (W3C 2001c) is a W3C candidate recommendation. It extends XPath so that an XPath-style location can be carried in a URI. We are most interested in the bare-name form of XPointer. A bare name references the element whose ID attribute has a value equal to the bare name. In the following code, the element demo has an ID attribute whose value is refNode. A URI referencing demo only needs to use #refNode.
<signedInfoRef URI="#refNode"> ... </signedInfoRef>
<demo ID="refNode"> ... </demo>
[Figure 4.8 content: Root; env:envelope (xmlns:env="http://www.w3.org/2002/06/soap-envelope"); env:header containing env:security = Medium, env:priority = High, env:name = John Doe, env:phone = 781-555-1212; env:body]
This form of the bare-name XPointer is used when refNode is in the same document as the reference. When a node in an external document is referenced, the bare name is appended, after a #, to the URI that identifies that document. The bare-name XPointer is used to indicate signed elements within the document. Note that the verifier resolves the bare name against the document it received, so the binding between the ID value and the element the signer meant is only as strong as the guarantee that the ID is unique in that document; a verifier should reject a document in which the referenced ID occurs more than once.
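The following is an added example, not code from the book, that puts the two pieces above together: it resolves a same-document bare-name reference (URI="#name") to the element carrying that ID and then runs the Reference's transform chain, output of one transform feeding the next, down to the digest. It uses only the Python standard library; canonicalization is done with xml.etree.ElementTree.canonicalize, which implements Canonical XML 2.0 rather than the 1.0 algorithm the text names (Python 3.8 or later). SAMPLE_DOC, its element names and ID values are constructed for illustration.

```python
"""Bare-name dereferencing plus a Reference transform chain (added example)."""
import base64
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

ET.register_namespace("env", "http://www.w3.org/2003/05/soap-envelope")
ET.register_namespace("po", "urn:example:po")

# Algorithm identifiers as XML Signature / XML Encryption define them.
C14N_ID = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
BASE64_ID = "http://www.w3.org/2000/09/xmldsig#base64"
SHA256_ID = "http://www.w3.org/2001/04/xmlenc#sha256"

# Constructed sample: three elements that can be targeted by bare-name references.
SAMPLE_DOC = """<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">
  <env:Body>
    <po:Order xmlns:po="urn:example:po">
      <po:Account ID="po-acct">4711</po:Account>
      <po:Total ID="po-total" currency="USD">1250.00</po:Total>
      <po:Attachment ID="po-blob">aGVsbG8gd29ybGQ=</po:Attachment>
    </po:Order>
  </env:Body>
</env:Envelope>"""


def dereference(doc, uri):
    """Resolve URI="#name" to the one element whose ID attribute equals name.
    Duplicate IDs are rejected: a verifier that takes 'the first match' can be
    pointed at a different element than the one the signer digested."""
    if not uri.startswith("#"):
        raise ValueError("only same-document bare-name references are handled here")
    name = uri[1:]
    matches = [el for el in ET.fromstring(doc).iter() if el.get("ID") == name]
    if len(matches) != 1:
        raise ValueError(f"expected exactly one element with ID={name!r}, found {len(matches)}")
    return matches[0]


def c14n_transform(data):
    """Canonical XML: node-set (or XML octets) in, canonical UTF-8 octets out.
    Standard-library C14N 2.0 stands in for the 1.0 algorithm (assumption)."""
    if isinstance(data, ET.Element):
        data = copy.copy(data)
        data.tail = None          # text after the element is outside the node-set
        data = ET.tostring(data, encoding="unicode")
    elif isinstance(data, bytes):
        data = data.decode("utf-8")
    return ET.canonicalize(data, with_comments=False).encode("utf-8")


def base64_transform(data):
    """Base64 decode: for a node-set the input is its text content, per XMLDSig."""
    if isinstance(data, ET.Element):
        data = "".join(data.itertext())
    elif isinstance(data, bytes):
        data = data.decode("ascii")
    return base64.b64decode("".join(data.split()))


TRANSFORMS = {C14N_ID: c14n_transform, BASE64_ID: base64_transform}
DIGESTS = {SHA256_ID: hashlib.sha256}


def digest_value(octets, digest_id=SHA256_ID):
    """DigestValue as XML Signature carries it: base64 of the raw digest."""
    return base64.b64encode(DIGESTS[digest_id](octets).digest()).decode("ascii")


def reference_digest(doc, uri, transform_ids=(), digest_id=SHA256_ID):
    """Dereference the URI, apply each Transform in order, digest the result."""
    data = dereference(doc, uri)
    for tid in transform_ids:
        data = TRANSFORMS[tid](data)
    if isinstance(data, ET.Element):
        data = c14n_transform(data)   # a node-set reaching DigestMethod is canonicalized
    return digest_value(data, digest_id)


def verify_reference(doc, uri, transform_ids, expected_digest_value):
    """Recompute the digest over the received document; constant-time compare."""
    actual = reference_digest(doc, uri, transform_ids)
    return hmac.compare_digest(actual.encode(), expected_digest_value.encode())


if __name__ == "__main__":
    signed = reference_digest(SAMPLE_DOC, "#po-total", [C14N_ID])
    # A change outside the referenced element is invisible to this Reference ...
    print(verify_reference(SAMPLE_DOC.replace("4711", "9999"), "#po-total", [C14N_ID], signed))
    # ... a change inside it is not.
    print(verify_reference(SAMPLE_DOC.replace("1250.00", "9250.00"), "#po-total", [C14N_ID], signed))
```

The two prints illustrate the point of selective signing from both sides: a Reference to #po-total protects exactly that subtree, so the account number is left unprotected unless it gets its own Reference (or an XPath transform that includes it).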
XML Canonicalization
Digital signatures are dependent on the representation of the data being signed. What a person regards as an inconsequential change in the document, say the addition or deletion of white space, would be read by a system as a significant alteration and could cause a signature not to be verified. To avoid this possibility, XML documents are transformed into a standard representation before being signed or verified.
Canonical XML Version 1.0 (W3C 2001a) provides a standard way to determine whether two documents are logically equivalent. It defines rules for transforming an XML document into a standard representation; another document with the same canonical representation is considered equivalent to the first. There are two variations on Canonical XML. One version does not include comments; its algorithm identifier is http://www.w3.org/TR/2001/REC-xml-c14n-20010315. The other version includes comments; its algorithm identifier is http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments.
A second document, Exclusive XML Canonicalization Version 1.0 (W3C 2002b), a candidate recommendation, addresses the need to sign parts of a document in such a way that the signed portion can be extracted and placed in another document. Ordinary Canonical XML renders every namespace declaration in scope, including the enclosing document's default namespace, onto the canonical form of a subtree, so the same subtree canonicalizes differently inside different envelopes. Exclusive XML Canonicalization (algorithm identifier http://www.w3.org/2001/10/xml-exc-c14n#) instead renders only the namespace declarations the signed portion itself visibly uses, on the elements that use them, so that its canonical form does not depend on the surrounding document.
The canonical representation of a document is a handy representation to sign, because the canonical rules applied to the received XML document eliminate inconsequential changes that occur as the document is passed among nodes and result in a standard form of the document. Canonical XML transforms data by using a standard character encoding (UTF-8). It normalizes line breaks and attribute values, replaces character and entity references with their values, removes superfluous namespace declarations, adds default attributes declared in the DTD, drops the XML declaration and DTD, and performs other functions that eliminate unnecessary constructs and resolve potential ambiguity. Note what it does not do: whitespace in character content, including the indentation between elements, is content and is retained, so reindenting a document changes its canonical form.
When used with digital signatures, canonicalization transforms data prior to signing. Then, it transforms the received data prior to signature verification, thus eliminating the possibility of verification failing for spurious reasons. Also, since canonicalization consumes computational resources, only those portions of the document that will be signed are canonicalized. One consequence deserves attention: the signature covers the canonical form, so anything canonicalization discards (comments, under the without-comments variant, as well as the XML declaration and DTD) can be altered in transit without affecting verification and must not carry anything the application relies on.
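As an added example (not from the book), the block below shows which differences canonicalization absorbs and which it does not, by comparing the canonical forms of three constructed serializations of the same small order. It uses xml.etree.ElementTree.canonicalize from the Python standard library, which implements Canonical XML 2.0 rather than the 1.0 algorithm named above (Python 3.8 or later); the behaviour shown, lexical normalization versus retained whitespace content, is the same for both.

```python
"""What Canonical XML does and does not normalize (added example)."""
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample, as the signer serialized it.
ORIGINAL = ('<po:Order xmlns:po="urn:example:po" id="o1">\n'
            '  <po:Total currency="USD">10</po:Total>\n'
            '</po:Order>')

# Same content, different lexical form: XML declaration, attribute order,
# single quotes, whitespace inside tags, CRLF line ends, a character
# reference, and a comment. All of these are normalized away (the comment
# only under the without-comments variant).
RESTYLED = ("<?xml version='1.0'?>"
            "<po:Order id='o1' xmlns:po='urn:example:po' ><!-- reviewed -->\r\n"
            "  <po:Total currency = 'USD'>&#x31;0</po:Total >\r\n"
            "</po:Order >")

# A human calls this "just reindented", but the extra spaces are a change to a
# text node. Canonical forms differ, and a signature over ORIGINAL will not verify.
REINDENTED = ('<po:Order xmlns:po="urn:example:po" id="o1">\n'
              '    <po:Total currency="USD">10</po:Total>\n'
              '</po:Order>')


def canonical_form(xml, with_comments=False):
    """Canonical octets (UTF-8) of an XML string; comments kept only on request."""
    return ET.canonicalize(xml, with_comments=with_comments).encode("utf-8")


def canonical_digest(xml, with_comments=False):
    """The digest a signer or verifier would actually compute over the document."""
    return hashlib.sha256(canonical_form(xml, with_comments)).hexdigest()


def same_canonical_form(a, b, with_comments=False):
    """True if a signature over a would verify against b (same digest input)."""
    return canonical_form(a, with_comments) == canonical_form(b, with_comments)


if __name__ == "__main__":
    print(canonical_form(ORIGINAL).decode())
    print("restyled, comments ignored :", same_canonical_form(ORIGINAL, RESTYLED))
    print("restyled, comments included:", same_canonical_form(ORIGINAL, RESTYLED, True))
    print("reindented                 :", same_canonical_form(ORIGINAL, REINDENTED))
```

The second and third prints are the practical reading of the two algorithm identifiers: under the without-comments identifier the comment is outside the signature and can be rewritten freely; under #WithComments it is covered.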
XML Decryption Transform for Signature
When a digital signature is combined with encryption, it is necessary to know whether a signature was applied to encrypted data or to unencrypted data that was subsequently encrypted. In the first case, the encrypted data must be left encrypted for the signature to be verified. In the second case, the encrypted data must be decrypted before the signature is verified. Decryption Transform for XML Signature (W3C 2002a) is a W3C candidate recommendation that specifies how the signer of a document can inform the signature verifier which signed portions of a document must be left encrypted so that the signature will verify. All other encrypted portions of the document should be decrypted before signature verification is attempted. The exclusion is not a separate transform. Instead, it is an instruction to the signature verifier carried within the decryption transform. (Since it applies to signature verification, we've chosen to discuss it here rather than in the encryption section.) Therefore, an Except element identifying the encrypted node to be left alone is inserted as a child of the Transform element. An example taken from the candidate recommendation is:
<Transform Algorithm="http://www.w3.org/2001/04/decrypt#">
  <Except xmlns="http://www.w3.org/2001/04/decrypt#" URI="#enc1"/>
</Transform>
In this example, node enc1 was encrypted before the signature was applied. Other portions of the document were encrypted after signing. To verify the signature, those other portions must be decrypted first, but node enc1 must be left intact until the signature is verified. If necessary, it can be decrypted after verification is complete. A verifier that decrypts everything, or nothing, before digesting computes a different digest and rejects a valid signature; the Except list is what tells it where to stop.
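The following is an added example, not code from the book or from the W3C document, that models the verifier's side of the transform above. It constructs the three states of a small order (plaintext; CardNumber encrypted as enc1, which is what the signer digests; Account additionally encrypted as enc2 after signing, which is what the verifier receives) and shows that only decrypt-all-except-#enc1 reproduces the signer's digest. The xenc:EncryptedData structure is the real XML Encryption one, but the "cipher text" inside it is a base64 placeholder standing in for a real ciphertext, because the point here is the replace-and-restore order, not confidentiality. Canonicalization uses the standard library's C14N 2.0 (Python 3.8 or later); the sample document and IDs are constructed.

```python
"""Decryption transform with an Except list (added example, toy ciphertext)."""
import base64
import copy
import hashlib
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
ET.register_namespace("xenc", XENC)

# Constructed sample (no namespace, to keep the serializer output simple).
PLAINTEXT_DOC = """<Order>
  <Account>4711</Account>
  <CardNumber>4111111111111111</CardNumber>
  <Total>1250.00</Total>
</Order>"""


def _parent_map(root):
    return {child: parent for parent in root.iter() for child in parent}


def encrypt_element(doc, tag, enc_id):
    """Replace the first <tag> with xenc:EncryptedData Id=enc_id, as XML Encryption
    does. PLACEHOLDER: the CipherValue is base64 of the element, not a ciphertext."""
    root = ET.fromstring(doc)
    parents = _parent_map(root)
    target = root.find(f".//{tag}")
    detached = copy.copy(target)
    detached.tail = None                       # tail whitespace stays in the parent
    cipher_value = base64.b64encode(ET.tostring(detached)).decode("ascii")
    enc = ET.Element(f"{{{XENC}}}EncryptedData", {"Id": enc_id})
    cipher_data = ET.SubElement(enc, f"{{{XENC}}}CipherData")
    ET.SubElement(cipher_data, f"{{{XENC}}}CipherValue").text = cipher_value
    enc.tail = target.tail
    parent = parents[target]
    parent[list(parent).index(target)] = enc
    return ET.tostring(root, encoding="unicode")


def decrypt_transform(doc, except_uris):
    """Decrypt every EncryptedData except those named by <Except URI="#id"/>,
    which were already encrypted when the signer computed the digest."""
    keep = {uri.lstrip("#") for uri in except_uris}
    root = ET.fromstring(doc)
    parents = _parent_map(root)
    for enc in list(root.iter(f"{{{XENC}}}EncryptedData")):
        if enc.get("Id") in keep:
            continue
        cipher_value = enc.find(f"{{{XENC}}}CipherData/{{{XENC}}}CipherValue").text
        plain = ET.fromstring(base64.b64decode(cipher_value))   # placeholder "decryption"
        plain.tail = enc.tail
        parent = parents[enc]
        parent[list(parent).index(enc)] = plain
    return ET.tostring(root, encoding="unicode")


def digest(doc):
    """Digest over the canonical form, as a Reference to the whole document would."""
    return hashlib.sha256(ET.canonicalize(doc, with_comments=False).encode("utf-8")).hexdigest()


def signed_document():
    """Signer's view: CardNumber already encrypted (enc1), Account still plaintext."""
    return encrypt_element(PLAINTEXT_DOC, "CardNumber", "enc1")


def transmitted_document():
    """Verifier's input: Account encrypted (enc2) after the signature was made."""
    return encrypt_element(signed_document(), "Account", "enc2")


if __name__ == "__main__":
    expected = digest(signed_document())
    received = transmitted_document()
    print("except #enc1 :", digest(decrypt_transform(received, ["#enc1"])) == expected)
    print("decrypt all  :", digest(decrypt_transform(received, [])) == expected)
    print("decrypt none :", digest(received) == expected)
```

Only the first line prints True, which is the whole content of the Except element: the verifier must undo exactly the encryption that happened after signing and nothing else.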