W3C home > Mailing lists > Public > public-xmlsec@w3.org > May 2011

Re: Special cases for PrefixRewrite in C14N 2.0

From: <Frederick.Hirsch@nokia.com>
Date: Wed, 18 May 2011 13:24:39 +0000
To: <pratik.datta@oracle.com>
CC: <Frederick.Hirsch@nokia.com>, <cantor.2@osu.edu>, <public-xmlsec@w3.org>
Message-ID: <D07CCF07-9DF1-4718-AAB9-4B7EB7892A55@nokia.com>
I have entered a new Last Call comment in the tracker tool for PrefixRewrite issue, see http://www.w3.org/2006/02/lc-comments-tracker/42458/WD-xml-c14n2-20110421/2486

To confirm, the requirement is  to be clear on the prefix rewriting model (to enable interop) and the current change proposal is to require assignment of a unique prefix 1-1 for each namespace URI encountered.

is this a correct summary of the issue and proposed resolution? If so, Pratik can you please take an action to propose detailed changes to C14N20 specification?

Thanks

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG



On Apr 28, 2011, at 12:24 PM, ext Pratik Datta wrote:

> Yes this is a new requirement. 
> 
> 
> However it is problem for non disjoint subtrees too.
> 
> In the example 3 that I had given
> Example 3: With prefixes being pushed down
> 
> <a:foo xmlns:a="http://a1" xmlns:b="http://a2" >
>  <b:bar/>
>  <b:bar/>
> </a:foo>
> 
> 
> <a:foo> is one subtree. 
> It has a declaration xmlns:b which is not visibly utilized by <a:foo> element, so this declaration cannot be emitted at this point
> Instead it needs to be emitted with each of the <b:bar/> elements.
> Each <b:bar> element is really a separate subtree, so with the current algorithm, each one will get rewritten prefix, i.e. it will become like this:
> 
> <n0:foo xmlns:ns0="http://a1" >
>  <n1:bar xmlns:ns1="http://a2" />
>  <n2:bar xmlns:ns2="http://a2" />
> </n0:foo>
> 
> If we have to fix this so that both the "b" prefixes get mapped to "n1", then  that fix should take care of disjoint subtrees as well.
> 
> Pratik
> 
> 
> -----Original Message-----
> From: Cantor, Scott E. [mailto:cantor.2@osu.edu] 
> Sent: Wednesday, April 27, 2011 7:12 PM
> To: Pratik Datta; public-xmlsec@w3.org
> Subject: Re: Special cases for PrefixRewrite in C14N 2.0
> 
> On 4/27/11 9:44 PM, "Pratik Datta" <pratik.datta@oracle.com> wrote:
>> I think we should do for disjoint subtrees also.
>> 
>> Let us say some one wants to sign all "CreditCard" elements in the
>> document, then have an xpath like this  //c1:CreditCard
>> 
>> So will each credit card element will be a different disjoint subtree.
>> But should each one get a different prefix?  That will be confusing.
> 
> I'll defer to current implementers, I wasn't sure if it was worth imposing
> a new requirement to remember all the prefix bindings defined in walking
> the subtrees. That is a new requirement, right?
> 
> -- Scott
> 
> 
> 
Received on Wednesday, 18 May 2011 13:25:28 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 18 May 2011 13:25:28 GMT