W3C home > Mailing lists > Public > public-ws-addressing@w3.org > December 2004

RE: id and opacity of refp's

From: Srinivas, Davanum M <Davanum.Srinivas@ca.com>
Date: Tue, 21 Dec 2004 22:00:39 -0500
Message-ID: <87527035FDD42A428221FA578D4A9A5B08A81B3D@usilms24.ca.com>
To: <public-ws-addressing@w3.org>

I seem to be constantly stirring up trouble...sorry!! :)

-- dims 

-----Original Message-----
From: public-ws-addressing-request@w3.org
[mailto:public-ws-addressing-request@w3.org] On Behalf Of Rich Salz
Sent: Tuesday, December 21, 2004 7:16 PM
To: public-ws-addressing@w3.org
Subject: xml:id and opacity of refp's

Dims posted a message ("just thinking out loud here...") that included a
snippet of an EPR with a DSIG in it.  It just brought to mind an issue.

One of XML's validity constraints is that attributes of type ID have
unique values.  In order to not generate invalid XML, a program that
uses the refp's from an EPR must scan them to make sure that the ID
attributes that *it* generates are unique.  This violates opacity, but
without that violation a client cannot be sure of generating valid

Further, while xml:id is useful, there are still many ID attributes in
other namespaces.  This requires even deeper knowledge and inspection by
the EPR recipient, further ripping away opacity.  It's a hard problem,
of course, since there is no guarantee that the EPR recipient will even
*know* what the ID attributes are inside a refp.

Short of probabilistic values for ID attributes (viz., MIME separators
for multipart), opacity must be broken.
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview
Received on Wednesday, 22 December 2004 03:00:40 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:04:07 UTC