W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 2000

RE: DSig comments on XML Base

From: Kevin Regan <kevinr@valicert.com>
Date: Thu, 27 Jul 2000 14:30:46 -0700
To: John Boyer <jboyer@PureEdge.com>, Jonathan Marsh <jmarsh@microsoft.com>, www-xml-linking-comments@w3.org
Cc: w3c-ietf-xmldsig@w3.org
Message-id: <27FF4FAEA8CDD211B97E00902745CBE2017C904D@seine.valicert.com>

I have no access to the XML processor.  My library receives DOM Document
and Element objects when creating the signature.  When verifying the
Signature a deligate to the user to find and parse the URI.  I'm not
sure I totally understand the discussion that had taken place, but
I would say that I have no way of distinguishing which parts of
the source came from external entities, and forcing the user to
structure the DOM subtree that I am signing in a particular way is
a big no no.  Currently, the only thing that my library requires
is that the user hand me a DOM Document or Element that has been
parsed with a validating parser (with ignorable whitespace not
included).

--Kevin

-----Original Message-----
From: John Boyer [mailto:jboyer@PureEdge.com]
Sent: Thursday, July 27, 2000 1:59 PM
To: Jonathan Marsh; www-xml-linking-comments@w3.org
Cc: w3c-ietf-xmldsig@w3.org
Subject: RE: DSig comments on XML Base


Hi Jonathan,

OK, that makes some sense.  What you're saying is that we should have
c14n
extend the Xpath data model by adding an xml:base to the top level
element
of external entities.

This must be done by modifying the XML processor that generates the
node-set.  I wonder how easy this is for implementers.

I agree with you that trying to read between the lines on XML 1.0 is a
waste
of time, but I disagree with the implication that this is what I'm
doing.
There are quite specific lines that tell an XML processor developer that
they need not distinguish between content derived within the document
versus
content derived externally.

So, TAMURA Kent, Kevin Regan and others: could you please let us know if
you
can do this?  If so, then I'd like to do what you suggest Jonathan, then
place a note about the residual problem with base URI for top-level PIs.

Thanks,
John Boyer
Development Team Leader,
Distributed Processing and XML
PureEdge Solutions Inc.
Creating Binding E-Commerce
v: 250-479-8334, ext. 143  f: 250-479-3772
1-888-517-2675   http://www.PureEdge.com <http://www.pureedge.com/>




Received on Thursday, 27 July 2000 17:39:29 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:10 GMT