- From: Srinivas, Davanum M <Davanum.Srinivas@ca.com>
- Date: Tue, 21 Dec 2004 22:00:39 -0500
- To: <public-ws-addressing@w3.org>
I seem to be constantly stirring up trouble...sorry!! :)
-- dims
-----Original Message-----
From: public-ws-addressing-request@w3.org
[mailto:public-ws-addressing-request@w3.org] On Behalf Of Rich Salz
Sent: Tuesday, December 21, 2004 7:16 PM
To: public-ws-addressing@w3.org
Subject: xml:id and opacity of refp's
Dims posted a message ("just thinking out loud here...") that included a
snippet of an EPR with a DSIG in it. It just brought to mind an issue.
One of XML's validity constraints is that attributes of type ID have
unique values. In order to not generate invalid XML, a program that
uses the refp's from an EPR must scan them to make sure that the ID
attributes that *it* generates are unique. This violates opacity, but
without that violation a client cannot be sure of generating valid
messages.
Further, while xml:id is useful, there are still many ID attributes in
other namespaces. This requires even deeper knowledge and inspection by
the EPR recipient, further ripping away opacity. It's a hard problem,
of course, since there is no guarantee that the EPR recipient will even
*know* what the ID attributes are inside a refp.
Short of probabilistic values for ID attributes (viz., MIME separators
for multipart), opacity must be broken.
/r$
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview
http://www.datapower.com/xmldev/xmlsecurity.html
Received on Wednesday, 22 December 2004 03:00:40 UTC