- From: Joseph Reagle <reagle@w3.org>
- Date: Wed, 12 Jun 2002 10:49:34 -0400
- To: xml-encryption@w3.org
- Cc: "John Boyer" <JBoyer@PureEdge.com>, Martin Duerst <duerst@w3.org>, w3c-i18n-ig@w3.org
http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/ $Revision: 1.206 $ on $Date: 2002/06/12 14:45:39 $ GMT by Similar attention between the relationship of a fragment and the context into which it is being inserted should be given to the xml:base, xml:lang, and xml:space attributes as mentioned in the Security Considerations of [XML-exc-C14N]. For example, if the element <Bongo href="example.xml"/> is taken from a context and serialized with no xml:base [XML-Base] attribute and parsed in the context of the element: <Baz xml:base="http://example.org/"/> the result will be: <Baz xml:base="http://example.org/"><Bongo href="example.xml"/></Baz> where Bongo's href is subsequently interpreted as "http://example.org/example.xml". If this is not the correct URI, Bongo should have been serialized with its own xml:base attribute. Unfortunately, the recommendation that xmlns="" be emitted to divorce (reset) the default namespace of the fragment from the context into which it is being inserted can not be made for the XML attributes xml:base, xml:lang, and xml:space. The meaning of an empty attribute value is undefined or maintains the contextual value. Consequently, applications SHOULD ensure (1) fragments that are to be encrypted are not dependent on XML attributes, or (2) if they are dependent and the resulting document is intended to be valid [XML], the fragment's definition permits the presence of the attributes and that they have non-empty values. -- Joseph Reagle Jr. http://www.w3.org/People/Reagle/ W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature/ W3C XML Encryption Chair http://www.w3.org/Encryption/2001/
Received on Wednesday, 12 June 2002 10:50:15 UTC