NonStop SOAP User's Manual (520501-012)

NonStop SOAP with Digital Signatures
NonStop SOAP Header for Digital Signature
These elements are described as follows:
<ds:CanonicalizationMethod>
Requirement Category: Mandatory
CanonicalizationMethod is an element that specifies the canonicalization
algorithm applied to the SignedInfo element before the signature is
calculated. XML is lax about its serialization: the order of attributes, the
quote character used around attribute values, and whether an empty element is
written as a self-closing tag are all insignificant to an XML parser. A
signature, however, is computed over a message digest of bytes, and every such
difference changes the digest. To work around this, the content is
canonicalized. Canonicalization, or C14N, is the process of choosing one path
through all the possible serialization options, so that sender and receiver
produce exactly the same byte sequence no matter what intermediate XML
software has handled the message. The canonicalization algorithms take two
implicit parameters: the content and its character set. The character set is
derived according to the rules of the transport protocols and media types.
This information is necessary to sign and verify documents correctly and often
requires careful server-side configuration. The ‘required Canonical XML’ omits
comments. Its identifier is:
http://www.w3.org/TR/2001/REC-xml-c14n-20010315
Alternatively, ‘Canonical XML with Comments’ may be used. Its identifier is:
http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
However, Canonical XML with Comments may not interoperate with applications
that do not support it. The receiver must apply exactly the algorithm named in
the Algorithm attribute; applying any other algorithm produces a different
digest, and the signature fails to verify.
The way in which the SignedInfo element is presented to the canonicalization
method depends on that method. The following conventions apply to algorithms
that process XML as nodes or as characters:
1. XML-based canonicalization implementations must be provided with an [XPath]
node-set originally formed from the document containing the SignedInfo
element and currently indicating the SignedInfo element, its descendants,
and the attribute and namespace nodes of SignedInfo and of its descendant
elements. The namespace nodes matter because a prefix such as ds: may be
declared on an ancestor of SignedInfo; the canonical form must still render
that declaration.
2. Text-based canonicalization algorithms (such as CRLF and charset
normalization) must be provided with the UTF-8 octets that represent the
well-formed SignedInfo element, from the first character to the last
character of its XML representation. This includes the entire text of the
start and end tags of the SignedInfo element as well as the descendant markup
and character data (that is, the text) between those tags. Text-based
canonicalization of SignedInfo is not recommended, since it does not
normalize XML-level differences such as attribute order or quoting.
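The following Python script is an added example, not code from the NonStop SOAP manual or product. It shows why SignedInfo is canonicalized before hashing (two serializations of the same element that differ in attribute order, quoting, empty-element form, an XML declaration and a comment hash differently raw but identically after C14N), how the two identifiers above select comment handling, and how a receiver extracts SignedInfo from a ds:Signature as a subtree with its in-scope namespace declaration and refuses an algorithm it does not support. It uses xml.etree.ElementTree.canonicalize from the standard library (Python 3.8+), which implements C14N 2.0 rather than the C14N 1.0 algorithms identified above; it stands in for them here, and for the differences exercised both behave alike. The SignedInfo fragments, the Signature document and the DigestValue and SignatureValue strings are constructed placeholders; the exclusive-C14N identifier used as the unsupported algorithm is a real identifier that this page does not cover.

```python
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
C14N_WITH_COMMENTS = C14N + "#WithComments"

# Identifier -> comment handling. Anything else is refused: a verifier must
# not silently substitute another algorithm (it would yield a different digest).
# Caveat: ET.canonicalize implements C14N 2.0 and stands in for C14N 1.0 here.
C14N_ALGORITHMS = {C14N: False, C14N_WITH_COMMENTS: True}

# Constructed sample: SignedInfo as the signer serialized it.
# The DigestValue is a placeholder, not a real digest of anything.
SIGNED_INFO_A = (
    f'<ds:SignedInfo xmlns:ds="{DS}">'
    f'<ds:CanonicalizationMethod Algorithm="{C14N}"/>'
    f'<ds:SignatureMethod Algorithm="{DS}rsa-sha1"/>'
    '<ds:Reference Id="ref-1" URI="#Body">'
    f'<ds:DigestMethod Algorithm="{DS}sha1"/>'
    '<ds:DigestValue>Lu8a4tLWOKAJGKs2zC7gq2hsGfM=</ds:DigestValue>'
    '</ds:Reference></ds:SignedInfo>'
)

# Constructed sample: the same element after an intermediary re-serialized it:
# XML declaration added, single quotes, attribute order swapped, explicit end
# tags and a comment inserted. Same information set, different bytes.
SIGNED_INFO_B = (
    "<?xml version='1.0'?>"
    f"<ds:SignedInfo xmlns:ds='{DS}'>"
    f"<ds:CanonicalizationMethod Algorithm='{C14N}'></ds:CanonicalizationMethod>"
    f"<ds:SignatureMethod Algorithm='{DS}rsa-sha1'></ds:SignatureMethod>"
    "<ds:Reference URI='#Body' Id='ref-1'>"
    "<!-- re-serialized by an intermediary -->"
    f"<ds:DigestMethod Algorithm='{DS}sha1'></ds:DigestMethod>"
    "<ds:DigestValue>Lu8a4tLWOKAJGKs2zC7gq2hsGfM=</ds:DigestValue>"
    "</ds:Reference></ds:SignedInfo>"
)

# Constructed sample: a whole ds:Signature. Note that xmlns:ds is declared on
# the Signature ancestor, not on SignedInfo itself. SignatureValue is a placeholder.
SIGNATURE_DOC = (
    f'<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo>'
    f'<ds:CanonicalizationMethod Algorithm="{C14N}"/>'
    f'<ds:SignatureMethod Algorithm="{DS}rsa-sha1"/>'
    '<ds:Reference Id="ref-1" URI="#Body">'
    f'<ds:DigestMethod Algorithm="{DS}sha1"/>'
    '<ds:DigestValue>Lu8a4tLWOKAJGKs2zC7gq2hsGfM=</ds:DigestValue>'
    '</ds:Reference></ds:SignedInfo>'
    '<ds:SignatureValue>cGxhY2Vob2xkZXI=</ds:SignatureValue></ds:Signature>'
)
# Same document naming exclusive C14N, which this example does not implement.
UNSUPPORTED_DOC = SIGNATURE_DOC.replace(C14N, "http://www.w3.org/2001/10/xml-exc-c14n#")


def raw_digest(xml_text: str) -> str:
    """SHA-256 over the bytes as received; any re-serialization changes it."""
    return hashlib.sha256(xml_text.encode("utf-8")).hexdigest()


def canonical_bytes(xml_text: str, with_comments: bool = False) -> bytes:
    """Canonical form of the element as UTF-8 octets: this is what gets hashed."""
    return ET.canonicalize(xml_text, with_comments=with_comments).encode("utf-8")


def c14n_digest(xml_text: str, with_comments: bool = False) -> str:
    return hashlib.sha256(canonical_bytes(xml_text, with_comments)).hexdigest()


def compare(a: str, b: str) -> dict:
    """Do two serializations agree raw, canonically, and canonically with comments?"""
    return {
        "raw_equal": raw_digest(a) == raw_digest(b),
        "c14n_equal": c14n_digest(a) == c14n_digest(b),
        "c14n_with_comments_equal": c14n_digest(a, True) == c14n_digest(b, True),
    }


def signed_info_canonical_from_signature(signature_xml: str) -> bytes:
    """Receiver side: take ds:SignedInfo out of ds:Signature as a subtree (the
    element, its descendants, their attributes and the in-scope namespace
    declaration) and canonicalize it with the algorithm it names itself."""
    ET.register_namespace("ds", DS)
    # Keep comments in the tree; otherwise #WithComments could never be honoured.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(signature_xml, parser=parser)
    signed_info = root.find(f"{{{DS}}}SignedInfo")
    if signed_info is None:
        raise ValueError("ds:SignedInfo missing")
    method = signed_info.find(f"{{{DS}}}CanonicalizationMethod")
    algorithm = method.get("Algorithm") if method is not None else None
    if algorithm not in C14N_ALGORITHMS:
        raise ValueError(f"unsupported CanonicalizationMethod: {algorithm!r}")
    # tostring() re-emits xmlns:ds on the subtree's apex element, which is what
    # the "namespace nodes of SignedInfo" in the node-set convention amount to.
    subtree = ET.tostring(signed_info, encoding="unicode")
    return canonical_bytes(subtree, C14N_ALGORITHMS[algorithm])


if __name__ == "__main__":
    print(compare(SIGNED_INFO_A, SIGNED_INFO_B))
    print(canonical_bytes(SIGNED_INFO_B).decode())
    print(signed_info_canonical_from_signature(SIGNATURE_DOC) == canonical_bytes(SIGNED_INFO_A))
```

Running it prints raw_equal False, c14n_equal True and c14n_with_comments_equal False: the two forms only agree once canonicalized, and only when both sides apply the same comment handling. The last line is True because canonicalizing the SignedInfo subtree pulled out of the Signature document, with the ds: declaration it inherited, gives the same octets as canonicalizing the stand-alone element.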