Re: Difficulties with URI="" and IDREF

Gregor Karlinger wrote:

> Andreas Schmidt wrote:
>
> >> URI="" must be used in conjunction with either IDREF or an XPath transform.
>
> > Either that or it is core behavior to omit the contents of
> > SignatureValue in
> > that case.
>
> I think it should be clear that in this case an additional XPath transform
> has to be applied to exclude the Signature. I don't think it is necessary to
> state this as core behaviour.

The only thing which is clear is that self-referential sigantures will never validate. I
think this problem and any solution the standard provides should be explained somewhere
- may it be core behavior definition, a recommendation to application designers, or at
least application examples.

Nevertheless, since signing 'this' document seems to me to be a quite common case, so
why not provide standard means to cope with it? To define exclusion of SignatureValue as
core behavior is the simplest way to achieve this.

> > Btw two minor editing points:
> >
> > 1. sec. 2.3 defines URI/IDREF as exclusive alternatives
> >
> >    <Reference (URI=|IDREF=)? Type=?>
> >
> > in contrast to sec. 3.3.3
>
> I don't see a contradiction here. In [1], sec. 3.3.3. you can find:
>
> "The URI/IDREF attribute identifies a data object using a URI [URI] or IDREF [XML]."

Right. This was only in  conflict with John's idea of using URI and IDREF jointly to
solve the problem above.

> [1] http://www.w3.org/Signature/Drafts/WD-xmldsig-core-20000104/

Received on Tuesday, 4 January 2000 06:07:13 UTC