I'm noting that QNames are increasingly being used as identifiers within specifications. For example, XKMS is moving this way given the precedence set by SOAP, I'm seeing it in other ws-security work as well. My primary question is an architectural one: are these acceptable replacements for URIs as identifiers within our specifications? (They're certainly easier to read!) What is the identifier, the string "foo:bar" or the tuple [0]? Do we expect all specs to treat them uniformly in the next version of XML? What about present versions? My second question is an unfounded question about security implications. I haven't thought it through, but I wonder if there's any security ambiguities arising from the use of QNames as identifiers within an attribute value. When you sign a document via XML Canonicalization, it's attribute value is a string-value (not an "expanded-name" in XPath terminology, nor a QNAME in others'), but it also doesn't rewrite prefixes either so I feel safe. UDDI's schema-centric c14n [1] does rewrite namespace prefixes [2], but it's also schema centric -- I'm not sure what the result is there. (Bob?) And in other applications, where both sorts of processing might be done (attributes as strings versus QNAMEs) it's hard to say... [0] http://www.w3.org/TR/2001/REC-xmlschema-2-20010502/#QName [1] http://www.uddi.org/pubs/SchemaCentricCanonicalization-20020213.htm [2] http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2002JanMar/0204Received on Friday, 19 April 2002 11:26:41 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 20 September 2007 14:30:50 GMT