RE: Comments on last call draft

From: John Boyer <jboyer@PureEdge.com>
Date: Mon, 13 Mar 2000 09:50:57 -0800
To: "TAMURA Kent" <kent@trl.ibm.co.jp>, "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>

> I don't see what's so hard about:
> For obtaining byte order mark,
> node *MyXMLProcessor(char *filename, char *BOM)
> ...

Yes, an application can get a BOM if it receives a raw octet
stream.  But applications may interchange XML documents in
internal character representation such as UTF-16 without BOM in

As I have written repeatedly, don't use information not in the XML
Information Set.  If we wanted to refer to information not in the XML
Information Set, we would need a tricky implementation or could
not accomplish it completely.

It does not matter what the byte order mark was when your Java processor
read the document.  What matters is the byte order used by the internal
character representation.  When you use your Java processor to read a
document containing an XML signature, you will eventually call some function
to get the XPath transform expression string for evaluation.  What format is
it in?  You must know this or you won't be able to do anything with the
expression.  Since you DO know the format (byte order and encoding), all I'm
requiring is that you actually send this information to the XPath transform
expression evaluator.

> For exact order, your implementation should simply throw an algorithm
> unavailability exception if your lex-order-aware implementation
> an exact order signature.

I think no one implements exact order.  I may request that the
Xalan/LotusXSL team make the output of XPath lex-order.

Counterexample: the Clark parser hands off the attributes in exact order.

Exact order processing was requested by those with low-capacity devices who
wanted to minimize processing of the XML received. If special care is taken
in the application design, then an XML processor would not even be needed
(or something small like Clark's parser could be used).  Further, an XPath
expression evaluator would not be needed if special care is taken in the
application design.  Nonetheless, the signatures of this application would
still be expressed according to the 'standard' and would therefore be
verifiable by a fully standards compliant, generic program.

If your implementation can't support exact order, the two questions I have
are 1) why can't you just throw an exception, and 2) if you'd prefer not to
do that, then how hard is it really to make it work?

John Boyer
Software Development Manager
PureEdge Solutions, Inc. (formerly UWI.Com)

TAMURA Kent @ Tokyo Research Laboratory, IBM
Received on Monday, 13 March 2000 12:53:46 UTC
