The State of VOEvent

Steve Allen sla at ucolick.org
Fri Jun 6 15:03:27 PDT 2008 

On Fri 2008-06-06T14:23:22 -0700, Rob Seaman hath writ:
> A) Authentication.  The sense of the WG in Trieste was that digital
> signatures not be embedded within VOEvent packets themselves.  Two
> distinct technologies have been proposed.  Each has already been
> prototyped.  Now we need a coherent pilot project to carry one or both
> of these forward in a VOEventNet-wide fashion.  There is no reason to
> create a signature if nobody will later check it - this implies
> support of one sort or another within our browsers.  Let's find a
> middle road between racing forward willy-nilly on the one hand - and
> doing nothing at all on the other.

I wasn't at Trieste, but if I'm not mistaken the two technologies are

1) Detached Signatures within the scope of XML
   a la the W3C Signature standard

<VOEventSigWrapper>
<VOEvent>[as per existing specs]</VOEvent>
<Signature>[w3c sig content]</Signature>
</VOEventSigWrapper>

This is what was implemented at NVOSS 2005.
It has the content in some sort of signed wrapper
which implies that parties wishing to use it want to
define the schema of the <VOEventSigWrapper> and that
parties who don't care can just strip out the
<VOEvent>s from inside the wrapper.

2) PGP signatures

As described and implemented earlier this year by Bob Denny.

> In addition, I'd also like to
> evaluate a lightweight checksum scheme for use within a packet,
> similar to the FITS Checksum convention.

I remain unsure how this, or the PGP method, can work in XML because

<Outer><Inner>content</Inner></Outer>

is equivalent to

<Outer>
<Inner>content</Inner>
</Outer>

That is the point of the canonicalization algorithm used in W3C
Signature -- that the content must first be rendered into canonical
form, and then the checksum/hash algorithm is applied.

Can all parties agree never to use any XML tools that reformat the
elements in ways that are content idempotent but bitwise different?
Are there tools that make that sort of guarantee?

--
Steve Allen                 <sla at ucolick.org>                WGS-84 (GPS)
UCO/Lick Observatory        Natural Sciences II, Room 165    Lat  +36.99855
University of California    Voice: +1 831 459 3046           Lng -122.06015
Santa Cruz, CA 95064        http://www.ucolick.org/~sla/     Hgt +250 m

More information about the voevent mailing list