Information technology — Generic applications of ASN.1: Fast infoset security — Part 3:

ISO/IEC 24824-3:2008 specifies the application of encryption and integrity (either separately or in combination) to a fragment of an XML infoset that is serialized using the fast infoset specification in ISO/IEC 24824-1. The specification of encryption uses the W3C Recommendation XML Encryption Syntax and Processing. The specification of integrity uses the W3C Recommendations W3C Canonical XML Version 1.0, W3C Exclusive XML Canonicalization Version 1.0, and XML-Signature Syntax and Processing.

Technologies de l'information — Applications génériques de l'ASN.1: Sécurité d'Infoset rapide — Partie 3:

General Information

Status
Published
Publication Date
21-Apr-2008
Current Stage
9060 - Close of review
Start Date
18-Sep-2013
Ref Project

Buy Standard

Standard
ISO/IEC 24824-3:2008 - Information technology -- Generic applications of ASN.1: Fast infoset security
English language
14 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

INTERNATIONAL ISO/IEC
STANDARD 24824-3
First edition
2008-05-01
Information technology — Generic
applications of ASN.1: Fast infoset
security
Technologies de l'information — Applications génériques de l'ASN.1:
Sécurité d'Infoset rapide
Reference number
ISO/IEC 24824-3:2008(E)
ISO/IEC 2008
---------------------- Page: 1 ----------------------
ISO/IEC 24824-3:2008(E)
PDF disclaimer

This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but

shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In

downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat

accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.

Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation

parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In

the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2008

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,

electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or

ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2008 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC 24824-3:2008(E)
CONTENTS
Page

1 Scope..................................................................................................................................... 1

2 Normative references ................................................................................................................ 1

2.1 Identical Recommendations | International Standards............................................................. 1

2.2 Additional references....................................................................................................... 1

3 Definitions .............................................................................................................................. 2

3.1 Imported definitions ........................................................................................................ 2

3.2 Additional definitions ...................................................................................................... 2

4 Abbreviations .......................................................................................................................... 2

5 Notation ................................................................................................................................. 2

6 Canonical Fast Infoset algorithms ................................................................................................ 3

6.1 Requirements on canonical Fast Infoset algorithms................................................................ 3

6.2 Requirements on canonical XML algorithms for use by a canonical Fast Infoset algorithm............ 3

6.3 Restrictions when serializing an XML infoset to a canonical fast infoset document ...................... 3

6.4 Canonical Fast Infoset algorithms....................................................................................... 4

7 W3C XML Signature and Fast Infoset .......................................................................................... 4

8 W3C XML Encryption and Fast Infoset ........................................................................................ 5

8.1 Application-level extensions for encryption.......................................................................... 5

8.2 Generation of a complete XML infoset from part of an XML infoset......................................... 5

8.3 Application-level extensions for decryption.......................................................................... 6

Annex A Examples of signing and encrypting an XML infoset.................................................................. 7

A.1 Introduction of examples .................................................................................................. 7

A.2 Signing and verifying the SOAP message infoset .................................................................. 7

A.3 Encrypting and decrypting the SOAP message infoset............................................................ 10

Annex B – Signed SOAP message infoset............................................................................................... 12

Annex C – Signed and encrypted SOAP message infoset ........................................................................... 13

Bibliography..................................................................................................................................... 14

© ISO/IEC 2008 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/IEC 24824-3:2008(E)
Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical

Commission) form the specialized system for worldwide standardization. National bodies that are members of

ISO or IEC participate in the development of International Standards through technical committees

established by the respective organization to deal with particular fields of technical activity. ISO and IEC

technical committees collaborate in fields of mutual interest. Other international organizations, governmental

and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information

technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of the joint technical committee is to prepare International Standards. Draft International

Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as

an International Standard requires approval by at least 75 % of the national bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent

rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.

ISO/IEC 24824-3 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,

Subcommittee SC 6, Telecommunications and information exchange between systems, in collaboration with

ITU-T. The identical text is published as ITU-T Rec. X.893 (05/07).
iv © ISO/IEC 2008 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC 24824-3:2008(E)
Introduction
This Recommendation | International Standard specifies:

a) the application of integrity to one or more parts of an XML infoset using Fast Infoset serialization and

W3C XML Signature;

b) the application of encryption to one or more parts of an XML infoset using Fast Infoset serialization and

W3C XML Encryption.

W3C XML Signature specifies a means of generating W3C XML Signature information items that contain (inter alia):

a) explicit (using URIs) or implicit (dependent on the use of the XML infoset signature information item)

identification of one or more data objects (a data object is anything that either already is, or can be

transformed into, a string of octets);

b) a (possibly empty) list of sequential transforms (specified by URIs for the algorithm to be used in

performing the transform) from those data objects to a sequence of octets; these transforms can select all

or part of the identified data objects, but are required to result in a sequence of octets;

c) digest and encryption information for the production of a signature of the resulting sequence of octets;

and
d) the resulting signature.

This Recommendation | International Standard specifies four (canonical Fast Infoset) algorithms that can be referenced

in a W3C XML Signature transform (and provides URIs for them) and can also be (independently) used as the

algorithm for the W3C XML Signature canonicalization method.

NOTE 1 – The same Fast Infoset algorithm could be used for both the transform and the canonicalization method, but use of two

different Fast Infoset algorithms (or a Fast Infoset algorithm and some other algorithm) is not excluded.

In all four cases, the input to the canonical Fast Infoset algorithm is either an XML infoset, or an XPath node set

(restricted, in accordance with 6.1.4 b, to those node sets that produce a well-formed XML document when serialized).

The output of all four canonical Fast Infoset algorithms is a sequence of octets (the octets of a fast infoset document,

see ITU-T Rec. X.891 | ISO/IEC 24824-1) that are suitable for digest and hashing in order to provide a signature in

accordance with W3C XML Signature.

NOTE 2 – This will usually be the last transform in the sequential list of W3C XML Signature transforms, but need not be.

A typical use will be to sign one or more parts of a single XML infoset.
NOTE 3 – Use to sign parts of multiple XML infosets is not excluded.

It is expected, but not required, that the resulting W3C XML Signature information items will be used either as a

detached signature, or as an enveloping or enveloped signature (see W3C XML Signature) for the XML infoset that is

signed, and that the resulting XML infoset will be serialized using ITU-T Rec. X.891 | ISO/IEC 24824-1.

This Recommendation | International Standard specifies application-level extensions (see 3.2.1) to W3C XML

Encryption. These application-level extensions enable encryption to be applied to part of an XML infoset using octets

provided by a Fast Infoset serialization, rather than to the octets provided by an XML serialization of those parts.

NOTE 4 – W3C XML Encryption can be applied to a complete fast infoset document as specified in W3C XML Encryption, 3.1,

without the use of this Recommendation | International Standard. The MimeType attribute will have the value

"application/fastinfoset".

The means of identifying the parts of the XML infoset that are encrypted is specified by W3C XML Encryption and

allows the encryption of:

a) an element information item and its properties, including any direct or indirect child information items

(and their properties); and

b) the child information items of the child property of an element information item and their properties,

including any direct or indirect child information items (and their properties).

Encryption requires that those parts of an XML infoset that are to be encrypted have to be first serialized into a string of

octets for input to an encryption algorithm.

The ability to produce a serialization of a and b above is not supported by ITU-T Rec. X.891 | ISO/IEC 24824-1, but is

specified in clause 8 of ITU-T Rec. X.893 | ISO/IEC 24824-3 (using ITU-T Rec. X.891 | ISO/IEC 24824-1). This is

done by converting such fragments (in a defined way) to a complete XML infoset and then applying ITU-T Rec. X.891 |

ISO/IEC 24824-1 to the complete XML infoset.

This Recommendation | International Standard also specifies two URIs, one for a above and one for b above, that are

used in XML Encryption to identify the application-level extensions which determine the use of Fast Infoset

serialization rather than XML serialization for the production of the octets to be input to an encryption algorithm.

© ISO/IEC 2008 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO/IEC 24824-3:2008(E)

Use of Fast Infoset serialization to determine the octets for input to an encryption algorithm in general reduces the

number of octets that have to be encrypted and decrypted, and would be normal (but not necessary) if the XML infoset

is transferred using a Fast Infoset serialization.

NOTE 5 – It is also possible (but would be unusual) to use Fast Infoset serialization to determine the octets for input to an

encryption algorithm when the XML infoset is to be transferred using an XML serialization.

The serialization of an XML infoset containing W3C XML Signature information items and/or W3C XML Encryption

information items to a fast infoset document has the following advantages over serialization to an XML document:

a) repeating information such as multiple signed references or multiple encrypted parts with the same XML

tags or content will be encoded more efficiently; and

b) the (binary) octets associated with signature values, digest values, cipher values or keys may be encoded

directly (see ITU-T Rec. X.891 | ISO/IEC 24824-1, 10.3) if a (binary) fast infoset document is used to

serialize the XML infoset; when serializing an XML infoset to an XML document (which is a string of

characters), such octets are required to be base64 encoded, increasing processing speed and size.

Clause 6 specifies four canonical Fast Infoset algorithms that can be referenced in a W3C XML Signature transform.

Clause 7 specifies the use of W3C XML Signature with canonical Fast Infoset algorithms.

Clause 8 specifies the use of W3C XML Encryption for the encryption of parts of an XML infoset that are serialized to

fast infoset documents.

Annex A does not form an integral part of this Recommendation | International Standard and provides examples of

signing and validating a SOAP XML infoset (that makes use of canonical Fast Infoset algorithms), and encrypting and

decrypting a SOAP message infoset (that makes use of the encryption of part of the SOAP message infoset that is

serialized to a fast infoset document).

Annexes B and C do not form an integral part this Recommendation | International Standard, and provide examples of a

signed SOAP message infoset and a signed and encrypted SOAP message infoset, respectively.

vi © ISO/IEC 2008 – All rights reserved
---------------------- Page: 6 ----------------------
ISO/IEC 24824-3:2008 (E)
INTERNATIONAL STANDARD
ITU-T RECOMMENDATION
Information technology – Generic applications of ASN.1:
Fast infoset security
1 Scope

This Recommendation | International Standard specifies four (canonical Fast Infoset) algorithms that can be used in the

application of W3C XML Signature (and provides URIs for them).

It also specifies application-level extensions to the W3C XML Encryption processing rules for the encryption of part of

an XML infoset (see 8.1) serialized as a fast infoset document and for the decryption of an encrypted part (see 8.3) that

was serialized as a fast infoset document.

The use of any resulting W3C XML Signature information items or W3C XML Encryption information items is not

within the scope of this Recommendation | International Standard.
2 Normative references

The following Recommendations and International Standards contain provisions which, through reference in this text,

constitute provisions of this Recommendation | International Standard. At the time of publication, the editions indicated

were valid. All Recommendations and Standards are subject to revision, and parties to agreements based on this

Recommendation | International Standard are encouraged to investigate the possibility of applying the most recent

edition of the Recommendations and Standards listed below. Members of IEC and ISO maintain registers of currently

valid International Standards. The Telecommunication Standardization Bureau of the ITU maintains a list of currently

valid ITU-T Recommendations. The IETF maintains a list of RFCs, together with those that have been obsoleted by

later RFCs. The reference to a document within this Recommendation | International Standard does not give it, as a

stand-alone document, the status of a Recommendation or International Standard.
2.1 Identical Recommendations | International Standards

– ITU-T Recommendation X.891 (2005) | ISO/IEC 24824-1:2007, Information technology – Generic

applications of ASN.1: Fast infoset.
2.2 Additional references

– ISO/IEC 10646:2003, Information technology – Universal Multiple-Octet Coded Character Set (UCS).

– W3C Canonical XML:2001, W3C Canonical XML Version 1.0, W3C Recommendation, Copyright ©

[15 March 2001] World Wide Web Consortium, (Massachusetts Institute of Technology, Institut National

de Recherche en Informatique et en Automatique, Keio University), http://www.w3.org/TR/2001/REC-

xml-c14n-20010315.

– W3C XML Encryption:2002, XML Encryption Syntax and Processing, W3C Recommendation,

Copyright © [10 December 2002] World Wide Web Consortium (Massachusetts Institute of Technology,

Institut National de Recherche en Informatique et en Automatique, Keio University),

http://www.w3.org/TR/2002/REC-xmlenc-core-20021210.

– W3C Exclusive Canonical XML:2002, W3C Exclusive XML Canonicalization Version 1.0, W3C

Recommendation, Copyright © [18 July 2002] World Wide Web Consortium, (Massachusetts Institute of

Technology, Institut National de Recherche en Informatique et en Automatique, Keio University),

http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718.

– W3C XML Information Set:2004, XML Information Set (Second Edition), W3C Recommendation,

Copyright © [04 February 2004] World Wide Web Consortium (Massachusetts Institute of Technology,

Institut National de Recherche en Informatique et en Automatique, Keio University),

http://www.w3.org/TR/2004/REC-xml-infoset-20040204.

– W3C XML Signature:2002, XML-Signature Syntax and Processing, W3C Recommendation, Copyright

© [12 February 2002] World Wide Web Consortium (Massachusetts Institute of Technology, Institut

National de Recherche en Informatique et en Automatique, Keio University),
http://www.w3.org/TR/2002/REC-xmldsig-core-20020212.
ITU-T Rec. X.893 (05/2007) 1
---------------------- Page: 7 ----------------------
ISO/IEC 24824-3:2008 (E)

– W3C XPath:1999, XML Path Language (XPath) Version 1.0, W3C Recommendation, Copyright ©

[16 November 1999] World Wide Web Consortium (Massachusetts Institute of Technology, Institut

National de Recherche en Informatique et en Automatique, Keio University),
http://www.w3.org/TR/1999/REC-xpath-19991116.
3 Definitions

For the purposes of this Recommendation | International Standard, the following definitions apply.

3.1 Imported definitions

This Recommendation | International Standard uses the following terms defined in ITU-T Rec. X.891 |

ISO/IEC 24824-1:
a) fast infoset document;
b) information item;
c) initial vocabulary;
d) XML infoset.
3.2 Additional definitions

3.2.1 application-level extensions (for W3C Encryption): A term applied to requirements of this

Recommendation | International Standard that specify the actions to be taken by an application when the

W3C Encryption processing rules do not fully specify the actions to be taken.

3.2.2 canonical Fast Infoset algorithm: An algorithm that takes as input an XML infoset (see W3C XML

Information Set) or an XPath node set (see W3C XPath) and generates, as output, a canonical fast infoset document.

3.2.3 canonical fast infoset document: A fast infoset document generated by a canonical Fast Infoset algorithm.

3.2.4 canonical XML algorithm: An algorithm that takes as input an XML infoset, a well-formed XML document

or an XPath node set, and generates, as output, a well-formed XML document in canonical form.

NOTE – Canonical XML algorithms are currently specified by W3C Canonical XML and W3C Exclusive Canonical XML.

3.2.5 canonical XML document: A well-formed XML document generated by a canonical XML algorithm.

3.2.6 element part (of an XML infoset): An element information item (and all information items that are

descendents of the element information item).

3.2.7 element content part (of an XML infoset): All the information items in the [children] property of an element

information item (and all information items that are descendents of those information items).

4 Abbreviations

For the purposes of this Recommendation | International Standard, the following abbreviations apply:

URI Uniform Resource Identifier
UTF-8 Universal Transformation Function 8-bit (see ISO/IEC 10646, Annex D)
W3C World Wide Web Consortium
5 Notation

5.1 In this Recommendation | International Standard, bold Courier is used for ASN.1 notation and bold Arial is

used for W3C XML syntax and for the names of information items of the XML Information Set.

5.2 The names of information items' properties are in bold Arial and enclosed between square brackets (for

example, [children] property).
5.3 URIs are in bold Arial and enclosed between normal quotes.
EXAMPLE: "http://www.w3.org/2003/05/soap-envelope".
2 ITU-T Rec. X.893 (05/2007)
---------------------- Page: 8 ----------------------
ISO/IEC 24824-3:2008 (E)
6 Canonical Fast Infoset algorithms
6.1 Requirements on canonical Fast Infoset algorithms

6.1.1 The following subclauses specify the input to and the general requirements on canonical Fast Infoset

algorithms. Specific Fast Infoset algorithms (that make reference to this clause) are specified in 6.4.

6.1.2 A canonical Fast Infoset algorithm shall specify a canonical XML algorithm that is used in the conceptual

transformation process (see 6.1.5).

NOTE – It is not in the scope of this Recommendation | International Standard to specify canonical XML algorithms. Algorithms

used in 6.4 are currently (only) specified in W3C Canonical XML and W3C Exclusive Canonical XML.

6.1.3 A canonical Fast Infoset algorithm shall specify a URI that is used for declaration of the algorithm in W3C

XML Signature information items (see 7.2).

6.1.4 A canonical Fast Infoset algorithm shall produce a canonical fast infoset document by the transformation of

either or both of the following inputs:
a) an XML infoset; or

b) an XPath node set that produces a well-formed XML document when transformed as specified in 6.1.5 a.

NOTE 1 – Support of XPath node sets is required to ensure that this Recommendation | International Standard is

compatible with the XML security-related standards. W3C Canonical XML and W3C Exclusive Canonical XML use

the XPath data model (see W3C XPath, clause 5). W3C XML Signature specifies transformations using XPath for

canonicalization and filtering (see W3C XML Signature, 6.5 and 6.6.3 respectively).

NOTE 2 – Input of an XPath node set that produces an XML document that is not well-formed is not supported for

Fast Infoset canonicalization (and hence for W3C XML Signatures produced using a canonical Fast Infoset

algorithm).

6.1.5 The conceptual transformation steps performed by a canonical Fast Infoset algorithm to produce a canonical

fast infoset document shall be as follows:

a) the input XML infoset or input XPath node set is transformed (by a canonical XML algorithm) to

produce a canonical XML document, as specified in 6.2;

b) the canonical XML document is parsed to produce an XML infoset; this will be a canonical XML

infoset; and

c) the canonical XML infoset is serialized as a canonical fast infoset document, with restrictions specified

in 6.3.

NOTE – Implementations may choose to optimize the steps so that an XML infoset or an XPath node set is transformed directly

to a canonical fast infoset document without producing the intermediate canonical XML document as long as the result is the

same as if all steps were performed.

6.1.6 When serializing into a canonical fast infoset document, the order of attributes shall be the order of the

corresponding Canonical XML document.

NOTE 1 – Attribute information items among the [namespace attributes] and [attributes] properties of element information items are

unordered (see W3C XML Information Set, 2.2). Subclause 6.1.6 preserves the document order of attributes information items

produced from parsing the canonical XML document.

NOTE 2 – W3C Canonical XML (an XML canonical algorithm) extends the document order of XPath node sets (see W3C

XPath, 5) such that an element's namespace and attribute nodes are canonically ordered (see W3C Canonical XML, 2.2).

6.2 Requirements on canonical XML algorithms for use by a canonical Fast Infoset algorithm

6.2.1 The following subclause specifies the requirements that a canonical XML algorithm has to satisfy in order for

it to be used when defining a canonical Fast Infoset algorithm.

NOTE – The algorithms specified in W3C Canonical XML and W3C Exclusive Canonical XML satisfy these requirements.

6.2.2 A canonical XML algorithm used in defining a canonical Fast Infoset algorithm shall be capable of

transforming (to a well-formed canonical XML document) all those inputs that the canonical Fast Infoset algorithm

supports (see 6.1.4).

NOTE – Such canonical XML algorithms are specified by W3C Canonical XML and W3C Exclusive Canonical XML.

6.3 Restrictions when serializing an XML infoset to a canonical fast infoset document

NOTE – This serialization is step c of 6.1.5 which is used when producing octets for signing.

6.3.1 Values of the NonIdentifyingStringOrIndex type (see ITU-T Rec. X.891 | ISO/IEC 24824-1, 7.14) shall

consist of the literal-character-string alternative with the add-to-table component set to FALSE.

ITU-T Rec. X.893 (05/2007) 3
---------------------- Page: 9 ----------------------
ISO/IEC 24824-3:2008 (E)

6.3.2 The UTF-8 encoding (see ISO/IEC 10646) shall be used for all character strings represented as values of the

EncodedCharacterString type (see ITU-T Rec. X.891 | ISO/IEC 24824-1, 7.17).

NOTE – Such character strings will be associated with sequences of adjacent character information items and the [normalized

value] properties of attribute information items.

6.3.3 A sequence of adjacent character information items, starting from the first character information item that has

no previous character item directly next to it in the [children] property to the last character information that has no

further character information item directly next to it in the [children] property, shall be represented by a single value of

the CharacterChunk type (see ITU-T Rec. X.891 | ISO/IEC 24824-1, 7.7).

6.3.4 If the sequence of adjacent character information items exceeds the maximum allowed for a value of the

CharacterChunk type (2 ), then there shall be consecutive values of a CharacterChunk type for each consecutive

maximum sequence of adjacent character information items.

6.3.5 A canonical fast infoset document shall not have an initial vocabulary. The initial-vocabulary

component of a value of the Document type shall be absent (see ITU-T Rec. X.891 | ISO/IEC 24824-1, 7.2.1).

6.3.6 A vocabulary table (see ITU-T Rec. X.891 | ISO/IEC 24824-1, clause 6) shall not contain duplicate table

entries. ITU-T Rec. X.891 | ISO/IEC 24824-1, 7.13.7, is applied with the restriction that action 7.13.7 b shall not be

performed if an identical character string exists in the current content of the applicable string table.

NOTE – The CONTENT CHARACTER CHUNK table and the ATTRIBUTE VALUE table (see ITU-T Rec. X.891 |

ISO/IEC 24824-1, 8.4) will contain no table entries due to the restriction specified in 6.3.1.

6.4 Canonical Fast Infoset algorithms

6.4.1 The following subclauses specify four canonical Fast Infoset algorithms. In each case, the canonical XML

algorithm to be used is specified (see 6.1.2), together with the URI for the Fast Infoset algorithm (see 6.1.3).

6.4.2 The "inclusive canonical Fast Infoset algorithm without comments" shall be identified by the URI

"urn:fastinfoset:c14n:inclusive" using the canonical XML algorithm specified in W3C Canonical XML, with the second

input parameter (see W3C Canonical XML, 2.1) set to false.

NOTE – The second input parameter is a boolean that indicates whether or not comments should be included in the canonical

form produced by the Canonical XML algorithm.

6.4.3 The "inclusive canonical Fast Infoset algorithm with comments" shall be identified by the URI

"urn:fastinfoset:c14n:inclusive:withcomments" using the canonical XML algorithm specified in W3C Canonical XML,

with the second input parameter (see W3C Canonical XML, 2.1) set to true.

6.4.4 The "exclusive canonical Fast Infoset algorithm without comments" shall be identified by the URI

"urn:fastinfoset:c14n:exclusive" using the canonical XML algorithm specified in W3C Exclusive Canonical XML, with

the second input parameter (see W3C Exclusive Canonical XML, clause 3) set to false. This Fast Infoset algorithm has

a parameter that is an "InclusiveNamespace PrefixList" parameter (see W3C Exclusive Canonical XML, 1.1), which

can be null, and which is passed unmodified to the canonical XML algorithm.

6.4.5 The "exclusive canonical Fast Infoset algorithm with comments" shall be identified by the URI

"urn:fastinfoset:c14n:exclusive:withcomments" using the canonical XML algorithm specified in W3C Exclusive Canonical

XML, with the second input parameter (see W3C Exclusive Canonical XML, clause 3) set to true. This Fast Infoset

algorithm has a parameter that is an "InclusiveNamespace PrefixList" parameter (see W3C Exclusive Canonical

XML, 1.1), which can be null, and which is passed unmodified to the canonical XML algorithm.

7 W3C XML Signature and Fast Infoset

7.1 The use of a canonical Fast Infoset algorithm (see 6.4) is specified in the following subclauses.

7.2 The Algorithm attribute information item in the [attributes] property of a CanonicalizationMe

...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.