- From: Scott Cantor <cantor.2@osu.edu>
- Date: Thu, 2 Sep 2010 10:49:47 -0400
- To: "'Meiko Jensen'" <Meiko.Jensen@ruhr-uni-bochum.de>
- Cc: "'XMLSec WG Public List'" <public-xmlsec@w3.org>
> as far as I understood the QNameAware parameter is set "manually" by the > signature generator. Hence, he can choose this parameter to contain all the > prefixed elements and attributes he used in the selection XPaths. Thus, > there is no automated logic involved on how to determine the QNames/prefixes > from an XPath; this is up to the developer. What did I get wrong here? You're making the same mistake Frederick did at one point (and we'll need to add some text so people don't confuse things). The parameter is not identifying what actual prefixes or names are *in* the content, it's identifying the attributes and elements that themselves contain the QNames content. It's up a level from what you're talking about. Like the ID proposal, it's about injecting signer awareness of the content model rather than of the contents of the document. The former can (in some applications) be known/invariant, or configured by a deployer. The latter is transaction-specific. As an example: xsi:type="foo:Bar" The QNameAware reference is to xsi:type, not to foo:Bar. Anything you put into xsi:type can then be dealt with at runtime, simply because the signer knows that xsi:type always contains a QName. Doesn't matter what any particular QName happened to be. -- Scott
Received on Thursday, 2 September 2010 14:50:21 UTC