XForms Digital Signing and XML Signature

hey,
 As seen in http://2006.xmlconference.org/proceedings/100/slides.html
XForms + XFDL/XHTML allows for a really clean implementation of XML
Signing etc. I was wondering ... what does Orbeon forms do on noticing
the XML Signature Namespace in an XForms document? Is it able to
change it to its equivalent JavaScript?
Regards,
dev



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

Dev,

At the moment the answer is that Orbeon Forms doesn't do anything with
XML signatures. We would like to do some work in this area, and would
even like it better if somebody sponsored it ;-), but for now this is
not a feature of Orbeon Forms.

-Erik

dev wrote:
> hey,
> As seen in http://2006.xmlconference.org/proceedings/100/slides.html
> XForms + XFDL/XHTML allows for a really clean implementation of XML
> Signing etc. I was wondering ... what does Orbeon forms do on noticing
> the XML Signature Namespace in an XForms document? Is it able to
> change it to its equivalent JavaScript?
> Regards,
> dev
>


--
Orbeon Forms - Web Forms for the Enterprise Done the Right Way
http://www.orbeon.com/



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

Hey,
Thanks for the quick reply Erik.

Is there any way I could enable Client Side Digital Signatures of web
forms in Orbeon or otherwise that you are aware of? My main aim is to
use an existing PKI infrastructure to have digital client side
Signatures for *Non-Repudiation*. I was wondering... how does Orbeon
Forms enable non-repudiation? You said Orbeon doesn't do anything with
XML Signatures ... Is there a way I can do *any* form of client side
signatures in Orbeaon?

dev


On 6/6/07, Erik Bruchez <[hidden email]> wrote:

--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

Infact.. Is it even possible in Javascript to access the browser cert
store and do the hashing and signing ? If it is, then maybe I can
write a simple JS way to do the signing ( I don't really need the
remaining AJAX style stuff of Xforms .. I just want to achieve
non-repudiation!)

Regards,
dev

On 6/6/07, dev <[hidden email]> wrote:

--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

dev,

> Is there any way I could enable Client Side Digital Signatures of web
> forms in Orbeon or otherwise that you are aware of? My main aim is to
> use an existing PKI infrastructure to have digital client side
> Signatures for *Non-Repudiation*. I was wondering... how does Orbeon
> Forms enable non-repudiation? You said Orbeon doesn't do anything with
> XML Signatures ... Is there a way I can do *any* form of client side
> signatures in Orbeaon?

Do you mean "as is, without writing code" or "in theory, with additional
development"? Clearly, since we do not support anything related to
digital signatures at the moment, it can only be the latter option.

What is it exactly you would like to sign? The form data, or the
complete form UI? Do you have any example of existing web-based
applications doing this?

 > Infact.. Is it even possible in Javascript to access the browser cert
 > store and do the hashing and signing ? If it is, then maybe I can
 > write a simple JS way to do the signing ( I don't really need the
 > remaining AJAX style stuff of Xforms .. I just want to achieve
 > non-repudiation!)

I don't have the answer to your question unfortunately. But I have some
doubts that JavaScript allows you to use the client certificate this
way. It was my understanding (but I may be wrong) that client
certificates were used for authentication only.

Does anybody know more?

-Erik

--
Orbeon Forms - Web Forms for the Enterprise Done the Right Way
http://www.orbeon.com/



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

> Do you mean "as is, without writing code" or "in theory, with additional
> development"? Clearly, since we do not support anything related to
> digital signatures at the moment, it can only be the latter option.

Both...I wouldn't mind reasonable amounts of Code development ...(but
if you ask me to integrate or copy the whole freaking Apache XML
security or something , I can't do that :) )

BTW, does CHIBA or something support Digital Signatures? Maybe we
could flick that? :)

> What is it exactly you would like to sign? The form data, or the
> complete form UI? Do you have any example of existing web-based
> applications doing this?

The Xforms spec requires you to sign the UI + data ... otherwise it
doesn't make much sense AFAIK. (altho I think it only signs the XML
instance .. all the presentations said "what you see is what you sign"
while XML Signature would just sign the instance .. so I am not
clear).
I dont have an example . Although
http://www.infomosaic.com/SecureXMLOverview.pdf seems to be promising
(closed source).

 The other examples can only be seen by XML browsers . For e.g any
Xforms + XHTML +XML Signature implementation can be run in X-Smiles
browser ...

On 6/6/07, Erik Bruchez <[hidden email]> wrote:

--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

On 6/6/07, dev <[hidden email]> wrote:
> Both...I wouldn't mind reasonable amounts of Code development ...(but
> if you ask me to integrate or copy the whole freaking Apache XML
> security or something , I can't do that :) )

Just to contribute to the discussion, here is an architecture we have
in mind to support digital signature.

The goal is:
* To enable a user X to sign through a UI data stored in an instance.
* To enable another user (or system) to check that it indeed user X
that signed the data.
* To prevent someone gaining access to the database where the
instances and user keys are stored from tampering the data there so it
looks like a user X signed something that in fact X didn't sign.

Keys stored:
* Each user that has the ability to sign an instance has a
private/public key pair stored on the server-side.
* The public key is stored as-is. But the private key is encrypted
with a password that only the user knows and which is not stored
server-side (or anywhere else). So private keys are never stored
as-is. Someone gaining access to the database does not get access to
any private key.

To sign an instance:
* User X is presented with a "signing control" where he needs to enter
his password.
* The server decrypts in memory the private key using the password,
creates a signature using that private key, add the signature to the
instance (using XML-Signature).

To verify that an instance is signed:
* There is a "signature control" which checks that it is indeed user X
that signed the instance by matching the signature with X's public
key. If they match it shows that it has been verified that X signed
the data.

Alex
--
Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
http://www.orbeon.com/



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

hey,

I am a noob so I apologise in advance for any conceptual mistakes and
errors I make. Please correct me!  Most of the stuff below is based
upon what I read and I certainly don't have the on-hand practical
experience and knowledge that you guys have.

 No user will agree to give his private key to a server. Repeat NO ONE
(sorry for all caps) :).

 If you are transmitting the password over the network , then you are
defeating the very purpose of PKI. PKI aims to have signatures so that
there is nothing that is transmitted over the network that can be
misused. Everything that is transmitted is open to all and as such
can't cause problems. (The fact that it will be over an encrypted
connection is immaterial . If you really wanted something requiring
passwords, then the present method where everyone logs in with a
userid and pass is just fine.).

If you store the private key at the server and also ask the user to
send the password to the server, I am pretty sure that the signature
wouldn't be legally binding.

I believe what you are saying is just the wrong way of doing it.

But I also think it is the only way of doing it because the user
doesn't have the XML instance with him at the client side and thus
can't really make an XML Signature. So the XML Signature has to be
produced at the server side (after the form data is processed and
converted to XML Instance) in the present architecture. But producing
a signature at the server side has no legal value (AFAIK, IMHO) and
doesn't make much technical sense to me (other than supporting XML
Signatures in OPS).

Thus the only way out is that instead of transmitting data as normal
HTML Forms , OPS converts the output of the HTML Form to its
equivalent XML Instance and transmits the XML Instance as the data
inputted in a multi-line text field or something. I.E the server will
get a POST data with xmlinstance="the whole xml instance" , thats it!
nothing else! Only then can Signatures make sense to me.

If OPS sticks to a simple HTML form with data goin as POST data with a
million field and variable names then even if you manage to sign it ,
the signature can't be used for non-repudiation , only to ensure that
the data hasn't been attacked on the way from client to server which I
am pretty sure is done already.

Please see the article at http://www.ddj.com/dept/security/184405885 .
Seems to me that there is a way of doing Signatures in JavaScript.
Maybe orbeon can do something . I would love to do something myself
too. I dont know how we can handle digital filters etc. but a basic
signature can surely be made.ensure that the data hasn't been attacked
on the way from client to server which I am pretty sure must be done
already.

Again, noob here , so please freely correct any mistakes I made.

Regards,
dev



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

On 6/7/07, dev <[hidden email]> wrote:
>  No user will agree to give his private key to a server. Repeat NO ONE
> (sorry for all caps) :).

In this case users would not give their private key to the server.
Private keys would never be transmitted between the client and the
server. For that matter users would not even need to know that there
is a PKI behind the scene :). Users would only know that every time
there is something they want to sign, they need to enter a special
password (different from the password they use to normally log into
the application). The benefit of using PKI on the server is that one
can't break into the server database and change the signature the way
he wants.

It is arguable if having PKI on the client rather than the server more
or less secure (there are cases where it is more secure, others where
is less secure, so it mostly depends on the use cases you consider).
But for practical reasons, there are many barriers to implementing PKI
on the client, and this is the main reason why running PKI on the
server seems more realistic.

Alex
--
Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
http://www.orbeon.com/



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

I agree. But my point is ... how is this any different from the
present system where ppl login and authenticate? Also, you will be
sending password over the network ... which is exactly what PKI tries
to avoid ....

On 6/7/07, Alessandro Vernet <[hidden email]> wrote:

--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

On 6/7/07, dev <[hidden email]> wrote:
> I agree. But my point is ... how is this any different from the
> present system where ppl login and authenticate? Also, you will be
> sending password over the network ... which is exactly what PKI tries
> to avoid ....

I am not sure if this is what you are asking, but without PKI and
signatures on the server, anyone who has access to the database can
modify data in there. So you could have someone use your application
to approve a purchase, and then someone else who has access to the
database modify the amount of the purchase. Without signatures and
PKI, there is no way to know that the data has been modified after it
has been approved.

Alex
--
Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
http://www.orbeon.com/



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

ohh yeah you are right!! my mistake!

but another of the stated aims of PKI is that anything that can be
misused isn't transffered over the network (encrypted or otherwise) in
the sense that PKI doesn't involve passwords moving over the networks.
This is what I was reffering too..

And I still think that the way you are talking is a really wrong way
of doing it.

dev

On 6/8/07, Alessandro Vernet <[hidden email]> wrote:

--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

On 6/9/07, dev <[hidden email]> wrote:
> ohh yeah you are right!! my mistake!
>
> but another of the stated aims of PKI is that anything that can be
> misused isn't transffered over the network (encrypted or otherwise) in
> the sense that PKI doesn't involve passwords moving over the networks.
> This is what I was reffering too..

Yes, this is true. By having a server-side PKI, you don't get the
benefit of never having any password that goes over the network. But
that this is acceptable in most cases. I am not saying this is a good
thing in theory, or even the best we can do technically, but most
people and companies are OK having passwords go over HTTPS when
logging into PayPal or the web site of their bank or credit card
company.

Alex
--
Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
http://www.orbeon.com/



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

Heya Alessandro and erik

I believe I have hit upon a nice way of doing it. Although you are
requested to criticise freely ;)

How about ...
 > The form data is first sent to the server.
 > The server converts it to its equivalent XML Instance (which it
anyway has to)
 > Then you send the XML instance back to the user as part of a form field
 > Then the user signs that XML Instance (i.e <foo> abc </foo> is
signed as text )
> then that signature is converted to XML Signature (dsig)

For an e.g of what I am talking about (where I got this idea from and
where you will hopefully get a better idea)

http://wiki.rcpt.to:8180/pkcs/convert.html

I think this is a much better way than what Allesandro was talking
about. What do you think?

Regards,
devdatta

On 6/10/07, Alessandro Vernet <[hidden email]> wrote:

--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

On 6/11/07, dev <[hidden email]> wrote:
>  > Then the user signs that XML Instance (i.e <foo> abc </foo> is
> signed as text )

This step would run on the browser, right? How would the signature be
done? Are you aware of some JavaScript code we can use for this?

Overall, I think what you suggests makes sense.

Alex
--
Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
http://www.orbeon.com/



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

> This step would run on the browser, right? How would the signature be
> done? Are you aware of some JavaScript code we can use for this?

crypto.signText seems to work fine in all non-IE browsers whereas in
IE , you require some capicom libs etc. I am still looking into that ,
although many articles around the web suggest it is possible in
Javascript. See http://www.ddj.com/dept/security/184405885 for an e.g
Alternatively search in Google Code search for crypto.signText

http://wiki.rcpt.to:8180/pkcs/convert.html

in this page ... type in any XML stuff into the first text box and
click on sign ... it should give you an idea of what I am talking
about. Then click on convert.

Ofcourse for above you need to have a cert with your private key setup
properly. IF you don't have that already, try this .. . go CACert.org
and sign up for a free account. After you log in , click on 'client
certificates -> new' in right toolbox. Then get a client cert
installed . After that, you need to install root cert of cacert.org ,
see http://wiki.cacert.org/wiki/BrowserClients on how to do this in
Firefox. After that run the code available at
http://docs.sun.com/source/816-6152-10/ (the example part at bottom)
and you will see what I am saying, IMHO.


>Overall, I think what you suggests makes sense.

Thanks. I was mainly concerned whether the XML Signature generated
from the XML Document is correct in syntax etc. Seems to be fine to
me....

As a side note, firefox is "incredibly anal" about what it uses to
sign than what it imports. i.e it allows you to import any cert, but
while signing if the CA's root cert isn't there it won't sign the
document and go down with the very informative "error:internalError".
I busted my head on this for hours... :)

Regards,
dev



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

On 6/12/07, dev <[hidden email]> wrote:
> crypto.signText seems to work fine in all non-IE browsers whereas in
> IE , you require some capicom libs etc. I am still looking into that ,
> although many articles around the web suggest it is possible in
> Javascript. See http://www.ddj.com/dept/security/184405885 for an e.g
> Alternatively search in Google Code search for crypto.signText
> [...]

Thank you for all this great info. I will make sure to get back to it
if we get to implement this one day.

> As a side note, firefox is "incredibly anal" about what it uses to
> sign than what it imports. i.e it allows you to import any cert, but
> while signing if the CA's root cert isn't there it won't sign the
> document and go down with the very informative "error:internalError".
> I busted my head on this for hours... :)

Yes, and it will be tricky to get this to work flawlessly on all
browsers, while keeping things simple for the end-users who sometimes
won't have a clue of what PKI is :).

Alex
--
Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
http://www.orbeon.com/



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

Hey,

Signing with Javascript is amazingly simple in non-IE browsers. And it
attaches the public key with it to the signature so you can add that
to the keyinfo part of the dsig later.

a trivial example is below:
---------------- code ---------------------------
<html><body>
<form method="post" action="http://ourhost/catchesthesign">

PKCS Signature

<textarea name="signature" id="signature" rows=10 cols=80></textarea>
<br/><br/>

<input type=submit value="Convert to XML-DSig signature"/>
</form>

<script type="text/javascript">
document.getElementById("signature").value =
crypto.signText("<foobar>This is the XML Xforms Instance</foobar>",
"auto");
</script>
</body>
</html>
-----------------code-------------------------------

you need to run non-IE and have a cert (and the root cert, I recommend
signing up on CACert.org) to get this working.

In an actual use case scenario the CERT installation will be already
done or will be really easy to do by the webapps provided by the PKI
ppl.

I have been reading around and it seems there is a way to do this in
IE too. I dont have windows on my work machine and will have to do the
requisite stuff later at home. If I manage to do it, I will just make
a new function that checks the browser (IE or NS) and then calls the
appropriate function.

Alex, this client side stuff is all simple (seemingly atleast!). The
real problem is how to convert this PKCS sign to XML Signature and I
have reading up on that for some time. There is already someone who
has done this, but I have to check to see if it is valid.

Also, as XML Signatures in XForms are usually enveloped signatures ,
you will need to add the final XML Signature generated to the
<foobar></foobar> document itself. With appropriate AJAX work, it
should be easy to do this all alongwith the form itself (i.e in the
same page).

By the way, I thought I had sent the last mail to the list .. but
stupid GMail screwed up and sent it to you. :)

Regards,
dev



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

Hey,
 I am pretty sure anyone following this thread would have read this
already, but I am sending it just for the sake of completeness :

http://2006.xmlconference.org/proceedings/100/frame.htm

is an essential reference for implementing XML Signatures inside XForms.

Regards,
dev

On 6/14/07, dev <[hidden email]> wrote:

--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

Hey,

Ok the issue boils down to this.

1. We need the XML Instance (after the user fills in his info). This
will be made available by orbeon forms.

2. Then the XML needs to be signed. This is really easy in non-IE
browsers (see my earlier mail) and if all goes well I'll have a
solution for IE browsers by tonight (IST). It uses the CAPICOM lib.

3. Now the signature created by that should be converted into an XML
Signature. For that download the jars at
http://wiki.rcpt.to/download/pkcs/ and especially see the
http://wiki.rcpt.to/download/pkcs/pkcs-sources.jar . In that the file
PKCSToXMLDsig.java does what we need. (it is already a servlet so I
think it should be really easy to switch it to orbeon)

4. The signature so created must be added to the XML Instance (i.e
<foo></foo> should become <foo><dsig:></dsig:></foo>). This is
trivial.

5. The final XML Instance which has the enveloped signature should be
such that it can be verified. Even that has been implemented in the
earlier given jars:
Save the <foo><dsig:></disg:></foo> to a something.xml and then do

% java -cp commons-logging.jar:jss34.jar:pkcs.jar:xmlsec-1.3.0.jar
cx.mikolaj.pkcs.Verify something.xml

(the verify.java is in pkcs.jar and mostly uses the Apache XML Library).


The main thing to realize is when we sign the XML , the XML sent by
orbeon must already be canonicalized (or rather, the whitespaces must
be removed) cos the browser's crypto lib won't canonicalize it.(i.e
mozilla would sign <foo> </foo> different from <foo></foo> which is
against XML ). After converting the PKCS to XML Signature, no new
whitespaces can be added. This is a limitation we can't escape IMHO.

I was thinking ( :O !! ) , that if a web service is written that consumes the
XML Instance and spits out the XML Instance with enveloped signature as
well as another service which verifies the enveloped signature then
integrating XML Signatures within Orbeon would just consist of noticing
the presence of XML Signature Namespace. (We will ignore filters etc. for now).

Reminder/Disclaimer: still a *noob* . forgive any mistakes/stuff I
overlooked etc.

Please mail me any thoughts , questions etc.

Regards,
dev



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws