W3C Recommends XML Signature Syntax

__past__ writes: "The W3C released a recommendation on XML Signature Syntax and Processing. The interesting point is not only that this is quite an important step for secure XML processing (esp. with regarding to web services), but also because there are some possibly ugly patent issues."

W3C / XML brain damage

[brenfern]

Yet another dull-as-dish recommendation from the W3C, not even a reference implementation to play with.

Ever since they have gone XML-with-everything they have produced ineffectual standards that are not followed by anybody as they are a pain in the ass to implement. It is no wonder that M$ and Sun prefer to create de facto standards instead of waiting for these guys to actually do anything. The killer app is the way to create standards and it's been a dozen years since we've seen one from the W3.

Re:W3C / XML brain damage

[pohl]

I think the problem is really that those who write web pages are forced to write documents that code for both logical structure and layout. This is the fundamental design flaw in HTML that XML is designed to address. Were these authors able to code logical structure separate from layout (using a transform, for example) they could fix invalid HTML by fixing a single transform.

what made the web work

[Alien54]

with the progress towards XML, etc. the WWW is moving away from those things that made the explosion of the WWW possible. The inherent simplicity in HTML, as something you could get the basics of in a few days of mild effort, or in a morning, if you were ambitious, is disappearing.

What I am nervous about is that with the advance towards the more sophisticated technologies, the earlier simpler technologies will be "obsoleted". This may have implications for the democracy of the web slowing going away because only experts can do what used to be an everyman task.

Re:what made the web work

[NineNine]

Simplicity? XML is about as simple as you can get. XML is just straight text in tags similar to HTML. Of course, it's only go to do with data transfer, but XML is generally very simple. And for those people who don't know "data" from a hole in thr ground, there's no reason to use XML in the first place.

Re:what made the web work

Let me disagree here. Sure the syntax is relatively simple - although even that could be dumbed down - but what it describes is kind-of complicated. XML describes a graph, but it does so with three kinds of edges. Subelement relationships let one define a tree, attribute relations are a different type of edge that can only be used at the end of the tree, and then one can introduce cycles with IDREFs.

From a semi-structured data point of view, all that's needed is one type of edge, which would make things much easier to reason about.

Ordering is another point of contention. Attributes are not ordered, but subelements are. Messy.

The crux of the problem with XML is that it was invented by structured document folks (as a simplified successor to SGML) and then later latched on to by the database folks who realized that it looked like semi-structured data. The design is something that I don't think database folks would have come up with if they were the ones designing it

Of course, all of the terrible committee-made standards that are being layered on top of it don't help, but I suppose that's not a complaint with the core of XML.

cheers!

Re:Screw Patents

[lemonhed]

>Ignore the problem and it goes away!

It surely wont go away. In fact, if you ignore the problem our federal govt will do what people that DO NOT ignore the problem suggest they do. The federal govt is currently debating this issue as we speak.

The US is already conforming to the rest of the world on patent matters (e.g., publishing applications after 18 months). so if you want your voices to be heard.. contact congress.

Here is a link on patent legislation in various countries and how the US interacts with them.

Click here!!!

XML is not the only extensible language

[brenfern]

A useful framework for some types of data it may be (specifically, markup data), but I feel that XML is too often used outside the scope of its main strengths. Specifically, object serialisation, transmission and other such protocols are handled more elegantly by ASN.1, Java serialisation (which can just as easily become a standard for other languages) or just rolling your own, program semantics by LISP syntax etc.

Far too often W3 encourage the blinkered approach that XML is the only way to express things. Stuffing base64-encoded strings into markup tags to be parsed at the other end is just not convenient and I think it can be done better.

You forget XHTML

[Kingpin]

Those who say that XML is simple are IMO not correct. XML can be veru complex, you cannot just make up new tags - they have semantic value in respect to a given target. This means that you have to have a target application that understands your XML, not much simplicity there. XML is not a language, it's a syntax. The syntax is easy, agreed, but implementations may have any complexity level.

XHTML is an XML schema. It's HTML that's valid XML, ie. it conforms to the XHTML DTD/Schema. For most it suffices that it's well-formed XML and as such can be parsed into a DOM tree by any XML parser.

De-facto standards example: the web browser.

[brenfern]

The web browser was the W3's (or, as it was, CERN's) big killer app. In the good old days they used to actually make things to prove that their standards would lead to useful technology. Do you really believe that the W3 should solely chair committee meetings and never get their hands dirty? Can good technology be designed in a vacuum? There is no seperate world of "standards bodies" here and "software houses" there - the most successful way to create a standard is to lead by example, and release a reference implementation. Presumably the W3 must have a prototype implementation somewhere; if they released it, more people might take their standards seriously. As it stands, a standard with no implementation can only be evaluated on by speculating about its theoretical merits - which is a risky strategy.

XML is no longer simple

[Carnage4Life]

Simplicity? XML is about as simple as you can get. XML is just straight text in tags similar to HTML. Of course, it's only go to do with data transfer, but XML is generally very simple. And for those people who don't know "data" from a hole in thr ground, there's no reason to use XML in the first place.

In the good old days, XML was simple but this is no longer the case as the W3C has created more and more complex standards that seem to require a P.hD to understand.

• Want to specify a structure for your XML? XML Schemas
• Want to query XML? XQuery
• Want to transform XML to some other format? XSLT
• Want to use XML as a transfer format for RPC calls? SOAP.
• Want to create links between XML documents? XPointer, XLink, and XML:Base are all needed.
• Want to include XML files in each other? XInclude

Many of the above standards are rather complex and difficult for most people to understand completely. This is besides the stuff one has to understand about XML infoset and XML namespaces to fully understand how to use XML properly.

DISCLAIMER: The opinions in the above post are MINE ALONE and do not reflect the opinions, intentions or strategies of my employer.

Re:scary

[j7953]

It's even more scary for me. I live in Germany, where digital signature are treated almost equally to normal signatures in many areas (the laws are based on European legislation, so other European Union member countries should have similar laws). Digital signatures aren't widely used yet, but I think you'll agree that such laws have lots of potential uses.

I am, however, very worried about legally binding signatures being subject to patent issues. Signatures are commonly used to sign contracts of high legal importance, where at least one party wants to have written proof of the contract. Having digital signatures convered by patents will make free software implementations more difficult or even impossible, and the idea that signing a contract will be possible only in ways that the signees don't completely undestand and cannot fully control (because the implementation is proprietary) certainly doesn't sound like a good idea for a democracy.

You have it backwards

[fm6]

All these complicated technologies actually show how simple XML remains. None of them does anything to "make XML more complicated". XML is just a specification for encoding information -- and that specification is still on version 1.0. If the XML designers did their job right, there never be an XML 2.0 or even an XML 1.1.

The beauty of XML lies not just in its simplicity, but also its flexibility. Naturally people are using this flexibility to implement sophisticated applications -- and writing complicated descriptions of these applications. But none of these things makes XML itself more complex. You might as well say that RISC chips, such as PowerPC, stopped being simple when people started using them to emulate Pentiums!