W3C home > Mailing lists > Public > public-xmlsec@w3.org > October 2009

Re: Proposed requirements update related to prefix rewriting

From: Frederick Hirsch <Frederick.Hirsch@nokia.com>
Date: Tue, 27 Oct 2009 13:56:17 -0400
Cc: Frederick Hirsch <Frederick.Hirsch@nokia.com>, XMLSec WG Public List <public-xmlsec@w3.org>
Message-Id: <1E09FE98-6AC3-43E9-9AB3-108EE5399415@nokia.com>
To: ext Pratik Datta <pratik.datta@oracle.com>
Thanks Pratik

How's this minor revision (added last sentence to address Hal's  
question):

Canonical XML should support the option of namespace prefix re- 
writing, optionally including rewriting prefixes that are embedded in  
the content as QNames. This can include, for example, QNames inside an  
xsi:type attribute. QNames embedded in xsi:type are easy to detect,  
but some other instances of QNames in content may be hard to detect,  
so prefix rewriting may break the meaning of QNames. The advantage of   
using prefix rewriting is to avoid attaching significance to the  
prefix name since two different prefix names are considered to  
semantically equivalent if the prefixes map to the same namespace URI.  
In this case they should canonicalize to the same value, as will  
happen with prefix rewriting. Prefixes may be rewritten using unique  
string values, URIs or other mechanisms, depending on the  
specification design.

Regarding design material:

I thought about removing it, but thought it might be useful to retain  
the record of considerations. What do others think?

regards, Frederick

Frederick Hirsch
Nokia



On Oct 27, 2009, at 1:26 PM, ext Pratik Datta wrote:

>
> I would put it like this.
>
> Canonical XML should support the option of namespace prefix re- 
> writing, optionally including rewriting prefixes that are embedded  
> in the content as QNames, for example inside an xsi:type attribute.  
> QNames embedded in xsi:type are easy to detect, but some other  
> instances of QNames in content may be hard to detect, so prefix  
> rewriting may break the meaning of QNames. The advantage of  using  
> prefix rewriting is to avoid attaching significance to the prefix  
> name, because two different prefixes names are considered to  
> semantically equivalent if the prefixes map to the same namespace  
> URI, so they should canonicalize to the same value.
>
>
> Here are the changes
> 	 Instead of just limiting prefix rewriting to xsi:type, I have  
> generalized the requirement to prefixes in any content, with  
> xsi:type being an example of it.
> 	 I don't want to say "not guaranteed to be preserved", that is too  
> mild, because in both the prefix rewriting schemes that we have  
> suggested, all the prefixes are completely changed
> 	 I want to qualify that we are not breaking QNames in all  
> situations, we are definitely taking care of QNames in xsi:type  
> which is actually the 80% use case for Qnames in content.
> 	 Mentioning "semantic equivalence" of prefixes.
>
>
>
> Should we remove the whole "Section 4. Design" from the requirements  
> document? All that is anyway part of the Signature 2.0 and C14N 2.0  
> specs now.
>
> Pratik
>
>
> Frederick Hirsch wrote:
>>
>> Here is an updated proposal to revise the requirements [1] for  
>> prefix normalization, taking into account xsi:type:
>>
>> (1) Change the section titled "Relax certain guarantees" as follows:
>>
>> Change section title to "Enable optional prefix rewriting" and  
>> change the text:
>>
>> "A limited revised version of Canonical XML might be one in which  
>> namespace prefixes are not guaranteed to be preserved, possibly   
>> breaking the meaning of QNames."
>>
>> to
>>
>> "Canonical XML should support the option of namespace prefix re- 
>> writing, optionally including rewriting within xsi:type attributes  
>> as well. In the case of prefix rewriting namespace prefixes are not  
>> guaranteed to be  preserved, possibly breaking the meaning of  
>> QNames.  The advantage of  using prefix rewriting is to avoid the  
>> complexity and confusion with prefixes used for different  
>> namespaces in different subtrees. This avoids mapping issues and  
>> the need for an implementation to store additional information for  
>> each node. When the prefix rewriting option is used, the xsi:type  
>> attribute may also have prefix rewriting as well. "
>>
>> In section 4.4, "The Canonicalization Element" change #5 from
>>
>> "5 preservePrefixes whether the prefix name is significant. When  
>> there are QNames in content, prefixes are probably significant,  
>> otherwise they could be expanded out into URIs or converted into  
>> n1. n2, n3 etc"
>>
>> to
>>
>> "5 preservePrefixes whether the prefix name is significant. When  
>> there are QNames in content, prefixes are probably significant,  
>> otherwise they could be expanded out into URIs or converted into  
>> n1. n2, n3 etc. Prefixes in xsi:type attribute values can also be  
>> rewritten when prefix rewriting  is performed if the xsiTypeAware  
>> option is set."
>>
>> This should close ACTION-402.
>>
>> regards, Frederick
>>
>> Frederick Hirsch
>> Nokia
>>
>> [1] http://www.w3.org/2008/xmlsec/Drafts/transform-note/Overview.html
>>
>> On Oct 19, 2009, at 12:08 PM, Hirsch Frederick (Nokia-CIC/Boston)  
>> wrote:
>>
>>> In my absence I received an action (ACTION-402) to update the
>>> requirements document for ISSUE-136.
>>>
>>> ISSUE-136 states: "Is normalization of prefixes a goal for 2.0 c14n"
>>>
>>> The 2.0 proposal supports normalization of prefixes as an option,  
>>> see
>>> the prefixRewrite parameter described in the Canonical XML Version  
>>> 2.0
>>> editors draft
>>>
>>> http://www.w3.org/2008/xmlsec/Drafts/c14n-20/#Canonicalization-Parameters
>>>
>>> That document also lists requirements, specifically:
>>> [[
>>>
>>> 1.4.3 Robustness
>>>
>>> Whitespace handling was a common cause of signature breakages. XML
>>> libraries allow one to "pretty print" an XML document, and most  
>>> people
>>> wrongly assume that the white space introduced by pretty printing  
>>> will
>>> be removed by canonicalization but that is not the case. This
>>> specification adds three techniques to improve robustness:
>>>
>>>      Remove leading and trailing whitespace from text nodes,
>>>      Allow for QNames in content especially in the xsi:type  
>>> attribute,
>>>      Rewrite prefixes
>>> ]]
>>>
>>> To complete ACTION-402, I suggest the following requirements  
>>> document
>>> changes to the XML Signature Transform Simplification: Requirements
>>> document
>>>
>>> http://www.w3.org/2008/xmlsec/Drafts/transform-note/Overview.html#id83777
>>>
>>> (1) Change the section titled "Relax certain guarantees" as follows:
>>>
>>> Change section title to "Enable optional prefix rewriting "
>>> Change
>>>
>>> "A limited revised version of Canonical XML might be one in which
>>> namespace prefixes are not guaranteed to be preserved, possibly
>>> breaking the meaning of QNames."
>>> to
>>>
>>> "Canonical XML should support the option of namespace prefix re-
>>> writing. In this case namespace prefixes are not guaranteed to be
>>> preserved, possibly breaking the meaning of QNames.  The advantage  
>>> of
>>> using this option is avoiding the complexity and confusion of  
>>> prefixes
>>> that are used for different namespaces in different subtrees,  
>>> avoiding
>>> mapping issues and the need to store additional information for each
>>> node for this mapping."
>>>
>>>
>>>
>>>
>>> regards, Frederick
>>>
>>> Frederick Hirsch
>>> Nokia
>>>
>>>
>>>
>>
>>
>
Received on Tuesday, 27 October 2009 20:18:37 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:44:00 GMT