W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2000

Re: Difficulties with URI="" and IDREF

From: Andreas Schmidt <aschmidt@darmstadt.gmd.de>
Date: Tue, 04 Jan 2000 12:07:39 +0100
Message-ID: <3871D47B.17679112@darmstadt.gmd.de>
To: Gregor.Karlinger@iaik.at, XMLDSig WG mailing list <w3c-ietf-xmldsig@w3.org>
Gregor Karlinger wrote:

> Andreas Schmidt wrote:
> >> URI="" must be used in conjunction with either IDREF or an XPath transform.
> > Either that or it is core behavior to omit the contents of
> > SignatureValue in
> > that case.
> I think it should be clear that in this case an additional XPath transform
> has to be applied to exclude the Signature. I don't think it is necessary to
> state this as core behaviour.

The only thing which is clear is that self-referential sigantures will never validate. I
think this problem and any solution the standard provides should be explained somewhere
- may it be core behavior definition, a recommendation to application designers, or at
least application examples.

Nevertheless, since signing 'this' document seems to me to be a quite common case, so
why not provide standard means to cope with it? To define exclusion of SignatureValue as
core behavior is the simplest way to achieve this.

> > Btw two minor editing points:
> >
> > 1. sec. 2.3 defines URI/IDREF as exclusive alternatives
> >
> >    <Reference (URI=|IDREF=)? Type=?>
> >
> > in contrast to sec. 3.3.3
> I don't see a contradiction here. In [1], sec. 3.3.3. you can find:
> "The URI/IDREF attribute identifies a data object using a URI [URI] or IDREF [XML]."

Right. This was only in  conflict with John's idea of using URI and IDREF jointly to
solve the problem above.

> [1] http://www.w3.org/Signature/Drafts/WD-xmldsig-core-20000104/
Received on Tuesday, 4 January 2000 06:07:13 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:33 UTC