W3C home > Mailing lists > Public > public-xmlsec@w3.org > August 2010

RE: ACTION-581: proposal around IDness of attributes

From: Scott Cantor <cantor.2@osu.edu>
Date: Thu, 26 Aug 2010 10:17:31 -0400
To: "'Pratik Datta'" <pratik.datta@oracle.com>, <public-xmlsec@w3.org>
Message-ID: <00b101cb4529$6ba91590$42fb40b0$@osu.edu>
> Since this element is per reference, should the signer precisely specify
how
> the ID was specified, or give a generic list of ID attribute definitions?

The latter, because of the option to use them in XPath selections. If you
remove that aspect from the XPath subset you're allowing, then I would say
we can switch it to one and optimize the syntax.

> E.g. let us say the first reference  uses xml:Id and the second uses
wsu:ID.
> Does the signer have to put in xml:Id  for the first and wsu:ID front the
> second, or can he put in both for both references? The second option is
> imprecise, but it is easier for the signer, he can just say list out all
the
> Id mechanisms that he normally uses, and not precisely specify which one
he
> is using for a particular reference. However the first option is better
for
> the verifier and that is what I have assumed.

Either is fine, IMHO. I would probably use text like "if the selection URI
or XPath expressions include the use of an ID attribute, the signer SHOULD
identify all such attributes using the dsig2:IDAttributes element".

-- Scott
Received on Thursday, 26 August 2010 14:18:03 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 August 2010 14:18:04 GMT