
RE: ACTION-581: proposal around IDness of attributes

From: Pratik Datta <pratik.datta@oracle.com>
Date: Sat, 16 Oct 2010 16:35:40 -0700 (PDT)
Message-ID: <70330975-b47c-4026-8c60-97ffa9acd3b9@default>
To: Scott Cantor <cantor.2@osu.edu>, public-xmlsec@w3.org
I have updated the schema based on the first option, where each IDAttribute mentions the ID referencing mechanism for that ID only. Have we resolved to go with this option?

Here is the schema snippet. This should close my ACTION-662. Also related to ACTION-647 and ACTION-661.

	<element name="Verification" type="dsig2:VerificationType"/>
	<complexType name="VerificationType">
	  <sequence>
	    <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
	  </sequence>
	</complexType>
	<!-- The <dsig2:Verification> element can have any of the following subelements
	     in any order, or have any user defined elements:
	       <element ref="dsig2:DigestDataLength"/>
	       <element ref="dsig2:PositionAssertion"/>
	       <element ref="dsig2:IDAttributes"/>
	-->
	<element name="DigestDataLength" type="integer"/>
	<element name="PositionAssertion" type="string"/>
	<element name="IDAttributes" type="dsig2:IDAttributesType"/>
	<complexType name="IDAttributesType">
	  <!-- The compositor is not shown in the message; a repeatable choice is assumed here. -->
	  <choice maxOccurs="unbounded">
	    <element name="QualifiedID">
	      <complexType>
	        <attribute name="name" type="string" use="required"/>
	        <attribute name="ns" type="string" use="required"/>
	      </complexType>
	    </element>
	    <element name="UnqualifiedID">
	      <complexType>
	        <attribute name="name" type="string" use="required"/>
	        <attribute name="parentname" type="string" use="required"/>
	        <attribute name="parentns" type="string" use="required"/>
	      </complexType>
	    </element>
	  </choice>
	</complexType>

-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu] 
Sent: Thursday, August 26, 2010 7:18 AM
To: Pratik Datta; public-xmlsec@w3.org
Subject: RE: ACTION-581: proposal around IDness of attributes

> Since this element is per reference, should the signer precisely specify
> the ID was specified, or give a generic list of ID attribute definitions?

The latter, because of the option to use them in XPath selections. If you
remove that aspect from the XPath subset you're allowing, then I would say
we can switch it to one and optimize the syntax.

> E.g. let us say the first reference  uses xml:Id and the second uses
> Does the signer have to put in xml:Id  for the first and wsu:ID front the
> second, or can he put in both for both references? The second option is
> imprecise, but it is easier for the signer, he can just say list out all
> Id mechanisms that he normally uses, and not precisely specify which one
> is using for a particular reference. However the first option is better
> the verifier and that is what I have assumed.

Either is fine, IMHO. I would probably use text like "if the selection URI
or XPath expressions include the use of an ID attribute, the signer SHOULD
identify all such attributes using the dsig2:IDAttributes element".

-- Scott
Received on Saturday, 16 October 2010 23:36:42 UTC
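
The following is an added example, not part of the thread or of the working group's schema: a verifier-side sketch that resolves an ID reference using only the attributes a signer declared in dsig2:IDAttributes, and refuses to choose when zero or several elements match. The `urn:example:*` namespaces, the sample documents and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

DSIG2 = "urn:example:dsig2"  # placeholder namespace, assumed for this example

def _clark(ns, local):
    """ElementTree-style name: '{ns}local', or bare 'local' when ns is empty."""
    return f"{{{ns}}}{local}" if ns else local

def declared_ids(id_attributes):
    """Read the QualifiedID / UnqualifiedID children of dsig2:IDAttributes."""
    qualified, unqualified = set(), set()
    for child in id_attributes:
        if child.tag == _clark(DSIG2, "QualifiedID"):
            qualified.add(_clark(child.get("ns"), child.get("name")))
        elif child.tag == _clark(DSIG2, "UnqualifiedID"):
            parent = _clark(child.get("parentns"), child.get("parentname"))
            unqualified.add((parent, child.get("name")))
    return qualified, unqualified

def resolve(root, id_attributes, wanted):
    """Return the one element carrying a declared ID attribute equal to wanted."""
    qualified, unqualified = declared_ids(id_attributes)
    hits = [
        el for el in root.iter()
        if any(value == wanted
               and (attr in qualified or (el.tag, attr) in unqualified)
               for attr, value in el.attrib.items())
    ]
    if len(hits) != 1:  # zero or duplicate matches: refuse to pick one
        raise ValueError(f"ID {wanted!r} matched {len(hits)} elements")
    return hits[0]

# Constructed sample input (not from the thread).
IDATTRS = ET.fromstring(
    f'<IDAttributes xmlns="{DSIG2}">'
    '<QualifiedID name="Id" ns="urn:example:wsu"/>'
    '<UnqualifiedID name="Id" parentname="Item" parentns="urn:example:po"/>'
    '</IDAttributes>')
DOC = ET.fromstring(
    '<env xmlns:wsu="urn:example:wsu" xmlns:p="urn:example:po">'
    '<p:Order wsu:Id="body"/>'
    '<p:Note Id="body"/>'   # Id on p:Note is not declared, so it is ignored
    '<p:Item Id="item1"/>'
    '</env>')

if __name__ == "__main__":
    print(resolve(DOC, IDATTRS, "body").tag)
    print(resolve(DOC, IDATTRS, "item1").tag)
```

The undeclared `Id` on `p:Note` shares the value `body` but is never treated as an ID, so the reference resolves to `p:Order` alone.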
