
RE: Namespace Injection in DSig 2.0

From: Scott Cantor <cantor.2@osu.edu>
Date: Thu, 2 Sep 2010 10:49:47 -0400
To: "'Meiko Jensen'" <Meiko.Jensen@ruhr-uni-bochum.de>
Cc: "'XMLSec WG Public List'" <public-xmlsec@w3.org>
Message-ID: <058601cb4aae$16aafa60$4400ef20$@osu.edu>
> as far as I understood the QNameAware parameter is set "manually" by the
> signature generator. Hence, he can choose this parameter to contain all the
> prefixed elements and attributes he used in the selection XPaths. Thus,
> there is no automated logic involved on how to determine the QNames/prefixes
> from an XPath; this is up to the developer. What did I get wrong here?

You're making the same mistake Frederick did at one point (and we'll need to
add some text so people don't confuse things). The parameter is not
identifying what actual prefixes or names are *in* the content, it's
identifying the attributes and elements that themselves contain the QNames
content. It's up a level from what you're talking about.

Like the ID proposal, it's about injecting signer awareness of the content
model rather than of the contents of the document. The former can (in some
applications) be known/invariant, or configured by a deployer. The latter is
transaction-specific.

As an example:

xsi:type="foo:Bar"

The QNameAware reference is to xsi:type, not to foo:Bar. Anything you put
into xsi:type can then be dealt with at runtime, simply because the signer
knows that xsi:type always contains a QName. Doesn't matter what any
particular QName happened to be.

-- Scott
Received on Thursday, 2 September 2010 14:50:21 GMT
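
The distinction drawn in the message above, as an added example that is not part of the original post or of any DSig 2.0 implementation: the signer is configured only with the names of QName-valued attributes (here xsi:type), and the prefixes actually used in their values are resolved per document at runtime. The function name, the Python set standing in for the QNameAware parameter, and the sample document are assumptions made for illustration.

```python
import io
import xml.etree.ElementTree as ET

# Content-model knowledge: xsi:type always holds a QName (Clark notation).
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample document. "note" looks like a QName but is not declared
# QName-aware, so its value is treated as an opaque string.
SAMPLE = """<doc xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns:foo="urn:example:foo" xmlns:unused="urn:example:unused">
  <item xsi:type="foo:Bar" note="unused:NotAQName"/>
  <inner xmlns:foo="urn:example:other"><item xsi:type="foo:Bar"/></inner>
</doc>"""

def qname_prefix_bindings(xml_text, qname_aware_attrs):
    """Resolve the prefix of every QName found in a QName-aware attribute.

    Returns a list of (attribute, prefix, local name, namespace URI) in
    document order. Raises ValueError if a value uses an unbound prefix.
    """
    scopes = [{}]   # stack of in-scope prefix -> URI maps, one per open element
    pending = {}    # declarations reported just before their element's start
    found = []
    source = io.BytesIO(xml_text.encode("utf-8"))
    for event, payload in ET.iterparse(source, events=("start-ns", "start", "end")):
        if event == "start-ns":
            prefix, uri = payload
            pending[prefix] = uri
        elif event == "start":
            scope = {**scopes[-1], **pending}
            pending = {}
            scopes.append(scope)
            for attr, value in payload.attrib.items():
                if attr not in qname_aware_attrs:
                    continue  # not declared QName-valued: never inspected
                prefix, _, local = value.strip().rpartition(":")
                uri = scope.get(prefix)  # "" looks up the default namespace
                if prefix and uri is None:
                    raise ValueError(f"unbound prefix {prefix!r} in {attr}")
                found.append((attr, prefix, local, uri))
        else:  # "end": the element's declarations go out of scope
            scopes.pop()
    return found

if __name__ == "__main__":
    for binding in qname_prefix_bindings(SAMPLE, {XSI_TYPE}):
        print(binding)
```

The same text foo:Bar resolves to two different namespaces in the sample, which is why the configuration names xsi:type rather than any particular prefix or QName.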
