W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2000

Comments on new XPath Filtering proposal

From: Gregor Karlinger <gregor.karlinger@iaik.at>
Date: Mon, 27 Mar 2000 13:14:16 +0200
To: "John Boyer" <jboyer@PureEdge.com>, "IETF/W3C XML-DSig WG (E-mail)" <w3c-ietf-xmldsig@w3.org>
Message-ID: <NDBBIMACDKCOPBLEJCCDIECMCEAA.gregor.karlinger@iaik.at>
John,

please find my comments on your latest proposal for the XPath Filtering
section attached to the corresponding sections below. As I am not an
XPath expert, please be patient with some of my questions ;-)

> -----Original Message-----
> From: w3c-ietf-xmldsig-request@w3.org
> [mailto:w3c-ietf-xmldsig-request@w3.org]On Behalf Of John Boyer
> Sent: Friday, March 24, 2000 1:15 AM
> To: IETF/W3C XML-DSig WG (E-mail)
> Cc: Martin J. Duerst; James Clark; Joseph Reagle; Eastlake
> Donald-LDE008; TAMURA Kent; Christopher R. Maden; Jonathan Marsh; Ed
> Simon
> Subject: RE: Enveloped signatures and XPath
> Executive overview
> ==================

[...]

> <p>Based on the expression evaluation requirements of the XPath function
> library,
> the <b>document order</b> position of each node must be available in the
> parse tree,

How can I achive this with a standard DOM parser?

[...]

> <h4>6.6.3.3 XPath Transform Functions</h4>
>
> <p>The function library of the XPath transform includes all functions
> defined
> by the XPath specification plus the serialize() function defined
> below.  For most XPath transforms, serialize() need not be called
> explicitly
> since it is called automatically if the expression result is a node-set.
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  Who makes this call? The XPath engine? How would the XPath engine
  behave if the serialize function was not defined?

[...]

> <h4 name="sec-XPathTransformOutput">6.6.3.4 XPath Transform Output</h4>
>
> <p>The result of the XPath expression is a string, boolean, number, or
> node-set.
> If the result of the XPath expression is a string, then the
> string converted
> to
> UTF-8 is the output of the XPath transform. If the result is a boolean or
> number,
> then the XPath transform output is computed by calling the XPath string()
> function
> on the boolean or number then converting to UTF-8.
> If the result of the XPath expression is a node-set, then the XPath
> transform
> result is computed by applying the serialize() function to the node-set,
> then
> converting the resulting string to UTF-8.</p>

Again, is this call to the serialize() function made automatically by the
XPath engine?

I deduce the following tasks for the output transformation
from the assertions made so far, depending on the XPath expression's result:

* If result is a string, convert it to UTF-8

* If result is boolean/number, explicitely call the XPath string() function
  and then convert its result to UTF-8

* If result is a node set, the actual result of the XPath processing is
  already a string, which must be finally converted to UTF-8

Am I right?

[...]

>The node test
> returns true for all
> nodes except the <code>SignatureValue</code> and
> <code>KeyInfo</code> child
> elements and the
> and the <code>DigestValue</code> descendants of <code>Signature</code> S1.

Why omitting KeyInfo? I think this is a little bit confusing here since
KeyInfo can be made available before computing the Reference's digest.


Regards, Gregor
---------------------------------------------------------------
Gregor Karlinger
mailto://gregor.karlinger@iaik.at
http://www.iaik.at
Phone +43 316 873 5541
Institute for Applied Information Processing and Communications
Austria
---------------------------------------------------------------
Received on Monday, 27 March 2000 06:15:40 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:09 GMT