
Re: Are QNames in Attribute Values Permitted as Identifiers?

From: <noah_mendelsohn@us.ibm.com>
Date: Mon, 22 Apr 2002 17:45:18 -0400
To: reagle@w3.org
Cc: bobatk@microsoft.com, ian@w3.org, w3c-ietf-xmldsig@w3.org, www-tag@w3.org, xml-dist-app@w3.org
Message-ID: <OF7BEB6C67.4F8546D1-ON85256BA3.0077F967@lotus.com>

SOAP adopts the QName type for many purposes, but generally depends on the 
value space, not the lexical space as being semantically interesting. From 
[2] (your reference):

"The ·value space· of QName is the set of tuples {namespace name, local 
part}, where namespace name is an anyURI and local part is an NCName. The 
·lexical space· of QName is the set of strings that ·match· the QName 
production of [Namespaces in XML]."

So, the values of QNames are indeed expanded names.  In reviewing the 
latest SOAP editors drafts, I think this is a point that could be made 
more crisply (I'm cc:'ing distApp). 

Still, use of QName can be taken to imply the "expanded name", as that is 
the value space of QName.  Of course, the lexical space uses prefixing, so 
use of the lexical space may depend on having a proper definition for the 
prefix in scope.

Noah Mendelsohn                              Voice: 1-617-693-4036
IBM Corporation                                Fax: 1-617-693-8676
One Rogers Street
Cambridge, MA 02142

Joseph Reagle <reagle@w3.org>
Sent by: www-tag-request@w3.org
04/19/2002 11:26 AM
Please respond to reagle

        To:     ian@w3.org, www-tag@w3.org
        cc:     bobatk@microsoft.com, w3c-ietf-xmldsig@w3.org, www-xkms@w3.org, (bcc: Noah 
        Subject:        Are QNames in Attribute Values Permitted as Identifiers?

I'm noting that QNames are increasingly being used as identifiers within 
specifications. For example, XKMS is moving this way given the precedence 
set by SOAP, I'm seeing it in other ws-security work as well.

My primary question is an architectural one: are these acceptable 
replacements for URIs as identifiers within our specifications? (They're 
certainly easier to read!) What is the identifier, the string "foo:bar" or 
the tuple [0]? Do we expect all specs to treat them uniformly in the next 
version of XML? What about present versions?

My second question is an unfounded question about security implications. I 
haven't thought it through, but I wonder if there are any security 
ambiguities arising from the use of QNames as identifiers within an 
attribute value. When you sign a document via XML Canonicalization, its 
attribute value is a string-value (not an "expanded-name" in XPath 
terminology, nor a QNAME in others'), but it also doesn't rewrite prefixes 
either so I feel safe. UDDI's schema-centric c14n [1] does rewrite 
namespace prefixes [2], but it's also schema centric -- I'm not sure what 
the result is there. (Bob?) And in other applications, where both sorts of 
processing might be done (attributes as strings versus QNAMEs) it's hard 

[0] http://www.w3.org/TR/2001/REC-xmlschema-2-20010502/#QName
[1] http://www.uddi.org/pubs/SchemaCentricCanonicalization-20020213.htm
[2] http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2002JanMar/0204
Received on Monday, 22 April 2002 18:01:30 UTC
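
The lexical-space versus value-space distinction discussed in this message, as an added example that is not part of the original thread: it resolves a QName-typed attribute value against the prefixes in scope and returns both the string and the {namespace name, local part} tuple. The documents, the `type` attribute, the `example.org` URIs and the function name are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET

# Constructed sample documents (not from the thread).
DOC_A = '<r xmlns:foo="http://example.org/a"><item type="foo:bar"/></r>'
DOC_B = '<r xmlns:foo="http://example.org/b"><item type="foo:bar"/></r>'
DOC_C = '<r xmlns:x="http://example.org/a"><item type="x:bar"/></r>'


def qname_attr_values(xml_text, attr):
    """Return [(lexical, (namespace_name, local_part)), ...] for each
    occurrence of the un-namespaced attribute `attr`, treating its value
    as a QName resolved against the namespace declarations in scope."""
    scopes = []   # stack of (prefix, uri) declarations, outermost first
    results = []
    source = io.BytesIO(xml_text.encode("utf-8"))
    for event, payload in ET.iterparse(
            source, events=("start-ns", "end-ns", "start")):
        if event == "start-ns":
            scopes.append(payload)        # reported before the element start
        elif event == "end-ns":
            scopes.pop()                  # declaration goes out of scope
        elif attr in payload.attrib:      # "start" event: payload is Element
            lexical = payload.attrib[attr].strip()
            prefix, _, local = lexical.rpartition(":")
            in_scope = dict(scopes)       # inner declarations shadow outer
            if prefix and prefix not in in_scope:
                # The XML parser accepts this; only QName resolution fails.
                raise ValueError("prefix %r has no binding in scope" % prefix)
            # An unprefixed QName takes the default namespace, if any.
            results.append((lexical, (in_scope.get(prefix) or None, local)))
    return results


if __name__ == "__main__":
    for name, doc in (("A", DOC_A), ("B", DOC_B), ("C", DOC_C)):
        print(name, qname_attr_values(doc, "type"))
```

Documents A and B carry the same string but different expanded names, while A and C carry different strings but the same expanded name, so a consumer has to decide which of the two it is comparing.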
