
Lightweight Signatures for XML

Check out this proposal published by Johannes Ernst of NetMesh. I challenged him a couple weeks ago to apply his skills at developing lightweight, straightforward solutions to the problems presented by XML Digital Signatures, which are too numerous to recount here. XMLDSIG is a powerful technology, but it's very heavy and quite complex, which works against its success in the marketplace, particularly in lightweight development environments.


Just as a gedankenexperiment for Johannes, we wondered what should be done if we wanted something besides XMLDSIG -- something much simpler and lighter -- for identity, publishing and social networking applications we've been looking at. Johannes' idea is to forgo XML canonicalization -- or transforms of any kind -- and simply sign a single node as a blob, signing the XML in a monolithic way, the way you'd sign a JPEG image.


The single element signing strategy won't work for a variety of existing and legacy XML document formats. But it may be that if one keeps the constraints applied in Johannes' proposal in mind, XML documents might be effectively designed to support this method. If so, it would create a much lower threshold for web apps to clear in order to support basic trust and cryptographic semantics in XML. Essentially, Johannes is asking what would happen if we did away with transforms.
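
What designing for blob signing means in practice, as an added example (not code from Johannes' proposal or from this post): the verifier must check the exact bytes that were signed, so a parse-and-re-emit step that canonicalization would have absorbed breaks verification. HMAC-SHA256 from the standard library stands in for a real signature algorithm, and the key, element names and sample document are constructed.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

KEY = b"constructed-demo-key"  # constructed; HMAC stands in for a real signature key

def sign_blob(element_bytes: bytes, key: bytes = KEY) -> str:
    """Sign the element's serialized bytes as-is: no canonicalization, no transforms."""
    return hmac.new(key, element_bytes, hashlib.sha256).hexdigest()

def verify_blob(element_bytes: bytes, sig: str, key: bytes = KEY) -> bool:
    """Constant-time check of the signature over the exact bytes presented."""
    return hmac.compare_digest(sign_blob(element_bytes, key), sig)

def extract_raw(document: bytes, tag: bytes) -> bytes:
    """Slice out the first <tag ...>...</tag> span without parsing it.
    Simplification: assumes no nested element with the same name."""
    start = document.index(b"<" + tag)
    end = document.index(b"</" + tag + b">", start) + len(tag) + 3
    return document[start:end]

def reserialize(document: bytes, tag: str) -> bytes:
    """What a verifier sees if it parses the document and re-emits the node."""
    node = ET.fromstring(document).find(tag)
    node.tail = None  # drop whitespace that follows the element
    return ET.tostring(node)

# Constructed sample: the signed element uses single-quoted attributes.
ENTRY = b"<entry id='42' author='alice'><title>Hello</title></entry>"
SIG = sign_blob(ENTRY)
DOC = b"<feed>\n  " + ENTRY + b"\n  <sig>" + SIG.encode() + b"</sig>\n</feed>"

if __name__ == "__main__":
    raw = extract_raw(DOC, b"entry")
    print("raw bytes verify:     ", verify_blob(raw, SIG))
    # Same XML infoset, different bytes (quotes rewritten): signature fails.
    print("re-serialized verify: ", verify_blob(reserialize(DOC, "entry"), SIG))
    # Actual tampering is also caught.
    print("tampered verify:      ", verify_blob(raw.replace(b"alice", b"mallory"), SIG))
```

Any intermediary that re-emits the signed element (a proxy, an aggregator, a pretty-printer) has to pass its bytes through untouched for the signature to survive.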


In any case, if you're interested in this kind of thing, it's worth clicking over there to give it a read.

Comments

Great reading, keep up the great posts.
Peace, JiggaDigga

Disclaimer: Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of VeriSign.