W3C home > Mailing lists > Public > public-xmlsec@w3.org > October 2009

Re: Proposed requirements update related to prefix rewriting

From: Pratik Datta <pratik.datta@oracle.com>
Date: Tue, 27 Oct 2009 10:26:06 -0700
Message-ID: <4AE72D2E.7020907@oracle.com>
To: Frederick Hirsch <Frederick.Hirsch@nokia.com>
CC: XMLSec WG Public List <public-xmlsec@w3.org>

I would put it like this.

Canonical XML should support the option of namespace prefix re-writing, 
optionally including rewriting prefixes that are embedded in the content 
as QNames, for example inside an xsi:type attribute. QNames embedded in 
xsi:type are easy to detect, but some other instances of QNames in 
content may be hard to detect, so prefix rewriting may break the meaning 
of QNames. The advantage of  using prefix rewriting is to avoid 
attaching significance to the prefix name, because two different 
prefixes names are considered to semantically equivalent if the prefixes 
map to the same namespace URI, so they should canonicalize to the same 
value.


Here are the changes

    * Instead of just limiting prefix rewriting to xsi:type, I have
      generalized the requirement to prefixes in any content, with
      xsi:type being an example of it.
    * I don't want to say "not guaranteed to be preserved", that is too
      mild, because in both the prefix rewriting schemes that we have
      suggested, all the prefixes are completely changed
    * I want to qualify that we are not breaking QNames in all
      situations, we are definitely taking care of QNames in xsi:type
      which is actually the 80% use case for Qnames in content.
    * Mentioning "semantic equivalence" of prefixes.




Should we remove the whole "Section 4. Design" from the requirements 
document? All that is anyway part of the Signature 2.0 and C14N 2.0 
specs now.

Pratik


Frederick Hirsch wrote:
> Here is an updated proposal to revise the requirements [1] for prefix 
> normalization, taking into account xsi:type:
>
> (1) Change the section titled "Relax certain guarantees" as follows:
>
> Change section title to "Enable optional prefix rewriting" and change 
> the text:
>
> "A limited revised version of Canonical XML might be one in which 
> namespace prefixes are not guaranteed to be preserved, possibly  
> breaking the meaning of QNames."
>
> to
>
> "Canonical XML should support the option of namespace prefix 
> re-writing, optionally including rewriting within xsi:type attributes 
> as well. In the case of prefix rewriting namespace prefixes are not 
> guaranteed to be  preserved, possibly breaking the meaning of QNames.  
> The advantage of  using prefix rewriting is to avoid the complexity 
> and confusion with prefixes used for different namespaces in different 
> subtrees. This avoids mapping issues and the need for an 
> implementation to store additional information for each node. When the 
> prefix rewriting option is used, the xsi:type attribute may also have 
> prefix rewriting as well. "
>
> In section 4.4, "The Canonicalization Element" change #5 from
>
> "5 preservePrefixes whether the prefix name is significant. When there 
> are QNames in content, prefixes are probably significant, otherwise 
> they could be expanded out into URIs or converted into n1. n2, n3 etc"
>
> to
>
> "5 preservePrefixes whether the prefix name is significant. When there 
> are QNames in content, prefixes are probably significant, otherwise 
> they could be expanded out into URIs or converted into n1. n2, n3 etc. 
> Prefixes in xsi:type attribute values can also be rewritten when 
> prefix rewriting  is performed if the xsiTypeAware option is set."
>
> This should close ACTION-402.
>
> regards, Frederick
>
> Frederick Hirsch
> Nokia
>
> [1] http://www.w3.org/2008/xmlsec/Drafts/transform-note/Overview.html
>
> On Oct 19, 2009, at 12:08 PM, Hirsch Frederick (Nokia-CIC/Boston) wrote:
>
>> In my absence I received an action (ACTION-402) to update the
>> requirements document for ISSUE-136.
>>
>> ISSUE-136 states: "Is normalization of prefixes a goal for 2.0 c14n"
>>
>> The 2.0 proposal supports normalization of prefixes as an option, see
>> the prefixRewrite parameter described in the Canonical XML Version 2.0
>> editors draft
>>
>> http://www.w3.org/2008/xmlsec/Drafts/c14n-20/#Canonicalization-Parameters 
>>
>>
>> That document also lists requirements, specifically:
>> [[
>>
>> 1.4.3 Robustness
>>
>> Whitespace handling was a common cause of signature breakages. XML
>> libraries allow one to "pretty print" an XML document, and most people
>> wrongly assume that the white space introduced by pretty printing will
>> be removed by canonicalization but that is not the case. This
>> specification adds three techniques to improve robustness:
>>
>>      Remove leading and trailing whitespace from text nodes,
>>      Allow for QNames in content especially in the xsi:type attribute,
>>      Rewrite prefixes
>> ]]
>>
>> To complete ACTION-402, I suggest the following requirements document
>> changes to the XML Signature Transform Simplification: Requirements
>> document
>>
>> http://www.w3.org/2008/xmlsec/Drafts/transform-note/Overview.html#id83777 
>>
>>
>> (1) Change the section titled "Relax certain guarantees" as follows:
>>
>> Change section title to "Enable optional prefix rewriting "
>> Change
>>
>> "A limited revised version of Canonical XML might be one in which
>> namespace prefixes are not guaranteed to be preserved, possibly
>> breaking the meaning of QNames."
>> to
>>
>> "Canonical XML should support the option of namespace prefix re-
>> writing. In this case namespace prefixes are not guaranteed to be
>> preserved, possibly breaking the meaning of QNames.  The advantage of
>> using this option is avoiding the complexity and confusion of prefixes
>> that are used for different namespaces in different subtrees, avoiding
>> mapping issues and the need to store additional information for each
>> node for this mapping."
>>
>>
>>
>>
>> regards, Frederick
>>
>> Frederick Hirsch
>> Nokia
>>
>>
>>
>
>
Received on Tuesday, 27 October 2009 20:22:42 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:44:00 GMT