W3C home > Mailing lists > Public > public-xmlsec@w3.org > July 2008

Re: Some strawman ideas concerning <ds:Transforms>

From: Sean Mullan <Sean.Mullan@Sun.COM>
Date: Wed, 23 Jul 2008 09:11:29 -0400
To: public-xmlsec@w3.org
Message-id: <48872E01.9040105@sun.com>

It seems like it is definitely worth exploring. So, as I understand, 
something like:

<Transforms>
   <Transform Algorithm="http://www.w3.org/.../streaming-transform"/>
</Transforms>

would trigger the implementation into expecting a streaming node-set 
output from the URI dereferencing.

I would need a little more time to think about this, but I think the JSR 
105 API should be able to be extended to accomodate a model like this.

--Sean

Thomas Roessler wrote:
> Some quick notes on some ideas that came up in the last hour or so
> of the face-to-face, on how to use ds:Transforms as an extension
> point:
> 
> - We could define an "assertion transform" that isn't really a
>   transform, but permits an implementation to make certain
>   assumptions -- either about the structure of the data, or about
>   the structure of further transforms within the chain.
> 
> - Assuming that we define an extended transform model (which doesn't
>   use node-sets, but operates on some other representation of
>   subsets of the infoset), we could define a special-purpose
>   transform that switches implementations into this model without
>   breaking the compatibility story.
>   
>   More specifically, implementations could be entitled to lazily
>   dereference the URI parameter in a ds:Reference, and not even
>   generate a node-set when the transform in question is the first
>   one.
> 
> - There's also the pattern of a dereferencing transform (known from
>   WS-Security).
> 
> Thoughts?
Received on Wednesday, 23 July 2008 13:12:11 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:54 GMT