XML Security represents algorithms that it uses via an element with an Algorithm attribute. This attribute's value is a URI (see Chapter 7) that indicates the particular algorithm to use, whereas the element name indicates the role played by the algorithm. Each algorithm has some implicit inputs or parameters, depending on its role. A list of such roles and their implicit inputs appears in Section 17.2. Some algorithms also take explicit parameters provided by the element or text content of the algorithm role element, as specified for the particular algorithm. When using element content, parameter elements have algorithm- or role-specific names. These element content names must appear in the main namespace of the XML Digital Signature or XML Encryption standards, that is http://www.w3.org/2000/09/xmldsig# http://www.w3.org/2001/04/xmlenc# or in an algorithm-specific namespace. (See Figure 17-1.) The order of such input parameter elements, if more than one exist, need not be significant. The algorithm role elements are defined with mixed content to allow text content input. Figure 17-1. Xml Security algorithm modelAs an example, consider the arithmetic algorithm division. We will show it taking two explicit parameters, the dividend and the divisor, but no implicit parameters. In XML Security syntax, filling the role of "ExampleMethod" would be something like <ExampleMethod Algorithm="http://arithmetic.example/division"> <Dividend>60</Dividend> <Divisor>5</Divisor> </ExampleMethod> which would produce an output of "12". This example is not typical of XML Security, as all of its algorithms take implicit parameters and most of its algorithms don't take any explicit parameters.
|