- From: Donald Eastlake 3rd <dee3@torque.pothole.com>
- Date: Mon, 9 Dec 2002 08:22:54 -0500 (EST)
- To: Sean Mullan <sean.mullan@sun.com>
- Cc: w3c-ietf-xmldsig@w3.org
I agree that since the URI is implicit, it could be a same-document reference. Perhaps instead of "know the identity of the object" it could have said "know the URI to be used". Donald On Mon, 9 Dec 2002, Sean Mullan wrote: > Date: Mon, 09 Dec 2002 11:11:00 +0000 > From: Sean Mullan <sean.mullan@sun.com> > To: Joseph Reagle <reagle@w3.org> > Cc: w3c-ietf-xmldsig@w3.org > Subject: Re: Dereferencing a Reference with no URI attribute > > Joseph Reagle wrote: > > > > On Friday 06 December 2002 09:51 am, Sean Mullan wrote: > > > I have a question about dereferencing (or identifying) > > > a Reference without a URI attribute. Section 4.3.3.1 of > > > xmldsig-core states, 4th paragraph: > > > > > > "If the URI attribute is omitted altogether, the receiving > > > application is expected to know the identity of the object". > > > > > > Further on, in section 4.3.3.2, it states: > > > > > > "Unless the URI-Reference is a 'same-document' reference as defined > > > in [URI, Section 4.2], the result of dereferencing the URI-Reference > > > MUST be an octet stream." > > > > > > Does the statement above apply to a Reference with no URI > > > attribute? > > > > Interesting question, from the text my initial reading is that an "implicit > > same-document reference" is not precluded. If fact, I'd expect this might > > be common in the context of implicit references. > > > > > Can it be represented as either an octet stream or > > > a node set? Or, since it is undefined, is it technically NOT a > > > same-document reference, and therefore MUST be dereferenced/identified > > > as an octet stream? > > > > While an interesting question, is this motivated by an actual example? I'm > > wondering about the interop implications of this. For example, if I had a > > signature with an implicit reference to a node-set, the first transform > > might require a node-set for processing. Is this a problem? I don't see how > > as the other side is already expected to know what the initial object is > > (i.e., node-set). > > The question is not motivated by any specific example; I just wanted to make > sure that I was strictly abiding by the specification, which seemed a little > unclear to me. I'll assume a Reference w/o a URI attribute can implicitly > refer to either a node-set or octet stream. > > Thanks, > Sean ====================================================================== Donald E. Eastlake 3rd dee3@torque.pothole.com 155 Beaver Street +1-508-634-2066(h) +1-508-851-8280(w) Milford, MA 01757 USA Donald.Eastlake@motorola.com
Received on Monday, 9 December 2002 08:22:55 UTC