W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 2001

Re: Re: Re: XPath Expression

From: <edsimon@xmlsec.com>
Date: Thu, 2 Aug 2001 12:43:25 -0400
Message-ID: <3B5F179F00003019@mail.san.yahoo.com>
To: merlin <merlin@baltimore.ie>
Cc: reagle@w3.org, bdournaee@rsasecurity.com, w3c-ietf-xmldsig@w3.org
I think if XPath could be used to return a nodeset that excludes certain
attribute nodes, then what you have suggested would fit in.  I remain curious,
as an academic exercise, as to whether there exists such a single XPath
expression.  Perhaps something like

"node()[not (NodeType(attribute) and (name()="URI") and parent::dsig:Reference)]"

is getting closer.

Ed

-- Original Message --

>
>Hi Ed,
>
>r/edsimon@xmlsec.com/2001.08.02/10:57:14
>>I'd certainly be keen to see the full working XPath expression if someone
>>wants to take up the challenge.  Merlin's suggestion, by itself, is not
>>the whole solution but only part as it returns a boolean, not nodes. 

>
>Blake asked for something to put in an XPath transform;
>our XPath transform does a boolean test of each node in
>the node set against its expression.
>
>So, you are right; what I suggested is not a general
>XPath expression for selecting all of a document but
>its URI attributes; XSLT is the tool for that job.
>But, it is a suitable test expression for our XPath
>transform to perform this task.
>
>I think. (sometimes)
>
>Merlin
>
>>In general, XPath is good at selecting nodes but was not really intended
>>for removing subnodes.  With current tools, I'd say removing subnodes
is
>>best done with XSLT.
>>
>>BTW, the XSLT I've presented below does actually do the trick.
>>
>>Ed
>>-- Original Message --
>>
>>>
>>>I'd guess that something like not ((name() =3D "URI") and parent::dsig:R=
>>eference)
>>>might work.
>>>
>>>merlin
>>>
>>>r/edsimon@xmlsec.com/2001.08.02/09:37:38
>>>>>>This would allow me to change the URI without altering the validity
>>of
>>>>the
>>>>>>signature.
>>>>>
>>>>>If it's being used in the Canonical XML context, remove the '//@*'
fro=
>>m:
>>>>>         (//. | //@* | //namespace::*)
>>>>
>>>>
>>>>Correct me if I'm wrong but wouldn't the above remove ALL attributes,
>>not
>>>>just the one Blake wants removed.
>>>>
>>>>I'm not sure that there is an XPath solution but the solution in XSLT
>>would
>>>>look like this:
>>>>
>>>>
>>>><?xml version=3D"1.0" encoding=3D"UTF-8"?>
>>>><xsl:stylesheet version=3D"1.0" 
>>>>  xmlns:xsl =3D"http://www.w3.org/1999/XSL/Transform"
>>>>  xmlns:xmlsig=3D"http://www.w3.org/2000/09/xmldsig#">
>>>>
>>>><!-- Identity transform -->
>>>><xsl:template match=3D"@*|node()">
>>>>  <xsl:copy>
>>>>    <xsl:apply-templates select=3D"@*|node()"/>
>>>>  </xsl:copy>
>>>></xsl:template>
>>>>
>>>>
>>>><!-- Skip the Reference/@URI attribute -->
>>>><xsl:template match=3D"xmlsig:Reference/@URI" priority=3D"2"/>
>>>>
>>>>
>>>></xsl:stylesheet>
>>>>
>>>>
>>>>--------------------------------------------------
>>
>>
>>--------------------------------------------------
>>Ed Simon
>>XMLsec Inc.
>>
>>Interested in XML Security Training and Consulting services?  Visit "www.=
>>xmlsec.com".
>>
>>
>
>
>-----------------------------------------------------------------------------
>Baltimore Technologies plc will not be liable for direct,  special,  indirect
>
>or consequential  damages  arising  from  alteration of  the contents of
>this
>message by a third party or as a result of any virus being passed on.
>
>In addition, certain Marketing collateral may be added from time to time
>to
>promote Baltimore Technologies products, services, Global e-Security or
>appearance at trade shows and conferences.
>
>This footnote confirms that this email message has been swept by
>Baltimore MIMEsweeper for Content Security threats, including
>computer viruses.
>   http://www.baltimore.com
>
>

-----------------------------------------------------------------------------------------------
Ed Simon
XMLsec Inc.

Interested in XML Security Training and Consulting services?  Visit "www.xmlsec.com".
Received on Thursday, 2 August 2001 12:44:43 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:36 UTC