Widget Signature Proposal: Add constraints on ds:Reference URIs

The following is a proposal to add text to the Widget Signature draft  
[1] to address the concern expressed by Thomas Roessler [2] regarding  
the need to constrain allowed ds:Reference URIs.

(1) Add to end of section 5.1, Use of XML Signature in Widgets, the  
following new paragraph (items within <> are linked definitions, []  
are references):

Every ds:Reference used within a <widget signature> MUST have a URI  
attribute. Every ds:Reference to an item within the <widget signature>  
MUST use an IDREF value for the ds:Reference URI attribute, referring  
to a unique ID within the <widget signature> [XM-schema].  Every  
ds:Reference to a <widget file> MUST use a relative URI expressing the  
path from the  <root of the widget resource> to the referenced <widget  
file> [URI].

(2) Add reference

XML Schema Part 2: Datatypes W3C Recommendation. P. Biron, A.  
Malhotra. May 2001.http://www.w3.org/TR/2001/REC-xmlschema-2-20010502/

regards, Frederick

Frederick Hirsch

[1] http://dev.w3.org/2006/waf/widgets-digsig/

[2] http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0547.html

Received on Friday, 13 March 2009 14:30:29 UTC