- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Fri, 4 May 2007 14:11:05 -0400
- To: www-xml-canonicalization-comments@w3.org
- Cc: Hirsch Frederick <frederick.hirsch@nokia.com>, Roessler Thomas <tlr@w3.org>

The XML Security Specifications Maintenance WG has reviewed C14N11
[1] and has the following comments and proposed changes.

(1) Change the first sentence in the Abstract from

"Canonical XML 1.1 is a revision to Canonical XML 1.0 to address
issues raised while producing the xml:id specification."

to

"Canonical XML 1.1 is a revision to Canonical XML 1.0 to address
issues related to inheritance of attributes in the XML namespace when
canonicalizing document subsets, including the requirement not to
inherit xml:id, and to treat xml:base URI path processing properly."

This should clarify the reasons for the C14N11 revision rather than
the process used to reach the changes.

(2) Change the abstract and also the introduction to clarify the
relationship to XML 1.0 and XML 1.1.

It is not clear in the C14N11 specification [1] that it is only
applicable to XML 1.0 and not XML 1.1 since it is not explicitly
stated. There is also possible confusion about XPath versions.

Recommendation: Add the following statement to the text in both the
abstract and the introduction to make this explicit:

"C14N11 is applicable to XML 1.0 and defined in terms of the XPath
1.0 data model. It is not defined for XML 1.1."

(3) Add hyperlinks to the reference to RFC 3986 ([URI]) from the
references to RFC 3986 in the fifth paragraph and bullets in Section
2.4 [2]

(4) In section 2.4, Document Subsets, for clarity use the same
notation for X and E values, e.g. state in next to last paragraph in
document subset section [2]:

"In that case let Xm ... X1 be the values of the xml:base attributes
on En...E1 (in order from outermost to innermost). The sequence of
values is reduced to a single value by first combining Xm with Xm-1,
then the result with Xm-2, and so on"

instead of

"In that case let X1 ... Xm be the values of the xml:base attributes
on En...E1 (in order from outermost to innermost). The sequence of
values is reduced to a single value by first combining X1 with X2,
then the result with X3, and so on"

(5) Add the following as a new paragraph at the end of section 2.4,
Document Subsets:

"Attributes in the XML namespace other than xml:base, xml:id,
xml:lang, and xml:space MUST be processed as ordinary attributes."

This provides guidance regarding expectations regarding possible new
attributes in the XML namespace. In conjunction with this (but not
for this document) when new attributes are defined in the xml
namespace, security considerations and canonicalization
considerations should be outlined.

(6) Add another example to section 3 showing handling of xml:id and
xml:base for document subset, e.g.:

---
3.8 Document Subsets and XML attributes

Input

<!DOCTYPE doc [
<!ATTLIST e2 xml:space (default|preserve) 'preserve'>
<!ATTLIST e3 id ID #IMPLIED>
]>
<doc xmlns="http://www.ietf.org" xmlns:w3c="http://www.w3.org"
xml:base="http://www.example.com/something/else">
<e1>
<e2 xmlns="" xml:id="abc" xml:base="../bar/">
<e3 id="E3" xml:base="foo"/>
</e2>
</e1>
</doc>

Document Subset Expression (same as 3.7)

<!-- Evaluate with declaration xmlns:ietf="http://www.ietf.org" -->
(//. | //@* | //namespace::*)
[
self::ietf:e1 or (parent::ietf:e1 and not(self::text() or self::e2))
or
count(id("E3")|ancestor-or-self::node()) = count(ancestor-or-self::node())
]

Canonical Form

<e1 xmlns="http://www.ietf.org" xmlns:w3c="http://www.w3.org"><e3
xmlns="" id="E3" xml:base="http://www.example.com/bar/foo"
xml:space="preserve"></e3> </e1>

Demonstrates:
xml:id not inherited.
simple inheritable XML attribute inherited (xml:space)
xml:base fixup performed
---

The rationale is that there is no example for xml:id and xml:base
handling in this section.

Thank you

regards, Frederick

Frederick Hirsch, Nokia
Chair, XML Security Specifications Maintenance WG

[1] <http://www.w3.org/TR/xml-c14n11/>
[2] <http://www.w3.org/TR/xml-c14n11/#DocSubsets>
Received on Friday, 4 May 2007 18:11:15 UTC