- From: Scott Cantor <cantor.2@osu.edu>
- Date: Thu, 26 Aug 2010 10:17:31 -0400
- To: "'Pratik Datta'" <pratik.datta@oracle.com>, <public-xmlsec@w3.org>
> Since this element is per reference, should the signer precisely specify how > the ID was specified, or give a generic list of ID attribute definitions? The latter, because of the option to use them in XPath selections. If you remove that aspect from the XPath subset you're allowing, then I would say we can switch it to one and optimize the syntax. > E.g. let us say the first reference uses xml:Id and the second uses wsu:ID. > Does the signer have to put in xml:Id for the first and wsu:ID front the > second, or can he put in both for both references? The second option is > imprecise, but it is easier for the signer, he can just say list out all the > Id mechanisms that he normally uses, and not precisely specify which one he > is using for a particular reference. However the first option is better for > the verifier and that is what I have assumed. Either is fine, IMHO. I would probably use text like "if the selection URI or XPath expressions include the use of an ID attribute, the signer SHOULD identify all such attributes using the dsig2:IDAttributes element". -- Scott
Received on Thursday, 26 August 2010 14:18:03 UTC