17.1 Algorithm Syntax

XML Security represents algorithms that it uses via an element with an Algorithm attribute. This attribute's value is a URI (see Chapter 7) that indicates the particular algorithm to use, whereas the element name indicates the role played by the algorithm.

Each algorithm has some implicit inputs or parameters, depending on its role. A list of such roles and their implicit inputs appears in Section 17.2.

Some algorithms also take explicit parameters provided by the element or text content of the algorithm role element, as specified for the particular algorithm. When using element content, parameter elements have algorithm- or role-specific names. These element content names must appear in the main namespace of the XML Digital Signature or XML Encryption standards, that is

 http://www.w3.org/2000/09/xmldsig# http://www.w3.org/2001/04/xmlenc# 

or in an algorithm-specific namespace. (See Figure 17-1.) The order of such input parameter elements, if more than one exist, need not be significant. The algorithm role elements are defined with mixed content to allow text content input.

Figure 17-1. Xml Security algorithm model


As an example, consider the arithmetic algorithm division. We will show it taking two explicit parameters, the dividend and the divisor, but no implicit parameters. In XML Security syntax, filling the role of "ExampleMethod" would be something like

 <ExampleMethod Algorithm="http://arithmetic.example/division">     <Dividend>60</Dividend>     <Divisor>5</Divisor> </ExampleMethod> 

which would produce an output of "12". This example is not typical of XML Security, as all of its algorithms take implicit parameters and most of its algorithms don't take any explicit parameters.


The exact syntax for algorithm-specifying elements was one of the more contentious items in early XMLDSIG design. Because no native or preexisting standard for XML functional notation existed, lengthy arguments were put forth both for and against providing explicit attributes giving the encoding of parameters, element names versus attribute values for algorithm selection, position-dependent child element parameters, element content versus text content for explicit inputs, and more. Once these issues were settled for XMLDSIG, XML Encryption reasonably enough just copied the results and used the same syntax.


Applications must exercise care when executing the various algorithms that might be specified and when processing any "executable content" that might be provided to such algorithms as parameters, such as XSL Transforms [XSLT]. The algorithms specified in the standards will usually be implemented in a trusted library. Even there, however, perverse parameters might cause unacceptable processing or memory demand. Even more care might be warranted with application-defined algorithms.

Secure XML(c) The New Syntax for Signatures and Encryption
Secure XML: The New Syntax for Signatures and Encryption
ISBN: 0201756056
EAN: 2147483647
Year: 2005
Pages: 186

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net