W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

Re: Location=""

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Thu, 28 Oct 1999 18:38:06 -0400
Message-Id: <3.0.5.32.19991028183806.00b858f0@localhost>
To: "Jim Schaad (Exchange)" <jimsch@EXCHANGE.MICROSOFT.com>
Cc: "W3c-Ietf-Xmldsig (E-mail)" <w3c-ietf-xmldsig@w3.org>
At 14:49 99/10/28 -0700, Jim Schaad (Exchange) wrote:
 >The use of Location="" to refer to the entire document appears to me to be
 >potentially troublesome in work flow applications.  When one starts
 >including or moving forward signed documents, add other items (including
 >other signatures) and so forth.  Using Location="" to refer to the
 >containing document has now rather drastically changed its meaning and its
 >not clear that the same set of items can be found again except potentially
 >by explicit inclusion (rather than exclusion). 

I can understand this concern and if I sympathized with it, I would
recommend we not permit "" instead of trying to redefine something defined
by the URI spec. (Even not permitting it is a sort of abuse.) However, this
problem is not unique to us, a URI is an identifier for a resource,
sometimes the content of a URI changes. (Your issue applies regardless if
its a "Same-document reference" [2] or URI reference). The URI Location=""
is still a completely non-ambigous URI: "Axiom2: It doesn't matter to whom
or where you specify that URI, it will have the same meaning."

[1] http://www.w3.org/DesignIssues/Axioms.html
[2] http://www.ietf.org/rfc/rfc2396.txt (section 4.2)

If you use Location="" followed by some transforms that John has described
that only "selects" those things you care about, people add other
signatures, your Location="" still will mean the same thing. Again, this is
the same if the location points to a fully specified URI reference.

 >I assume that when this statement is made that the omission of the Location
 >element is absent that it is equivalent to <Location HREF="">.

We've stated that the ommission of <Location HREF=""> means it is known by
the application context. I assume we would to capture this same semantic if
we end up with it as an attribute of ObjectReference.

 >Object of the Signature.  These are the message that I am most worried
about
 >size for, and would therefore like to be able to omit the Location
reference
 >and still have it well understood what the location of the object is
suppose
 >to be.
 
<ObjectReference Location="5">
...
<Object ID="5">

I count 18 characters needed for this reference using this syntax (where
location is an attribute, not its own element.)

 >It seems to me that we potentially need a couple of different types of
 >"labels" that are distinct within the location.  Specifically would be
"this
 >is a URI of one type" and "You (the application) know what this is really
 >suppose to be, find it for me" are two that spring to mind.  Potentially
the
 >root of the document could be represented as <Location DOC/>.

I'm very hesitant of this approach, sound like we are trying to build our
own URI or XLink or some such thing.

_________________________________________________________
Joseph Reagle Jr.   
Policy Analyst           mailto:reagle@w3.org
XML-Signature Co-Chair   http://w3.org/People/Reagle/
Received on Thursday, 28 October 1999 18:38:08 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT