RE: NEW ISSUE: The framework specification should enable usage of xml:id

 

> -----Original Message-----
> From: Asir Vedamuthu [mailto:asirveda@microsoft.com] 
> Sent: Friday, Aug 11, 2006 4:55 PM
> To: Yalcinalp, Umit; public-ws-policy@w3.org
> Subject: RE: NEW ISSUE: The framework specification should 
> enable usage of xml:id
> 
> > We could also add a note in the framework/primer when it is not 
> > desirable to use xml:id but rely on wsu:id
> 
> Good point.
> 
> The xml:id Version 1.0 specification says, 'The Canonical XML 
> Version 1.0 specification describes a process whereby 
> attributes in the xml: namespace are inherited in a 
> canonicalized document. While this produces a reasonable 
> result with xml:lang or xml:space attributes, processing 
> xml:id attributes in this way is likely to produce documents 
> that contain xml:id errors, specifically xml:id attribute 
> values that are not unique.'[1]
> 
> An illustrative description of the above technical issue can 
> be found in [2]. The XML Core Working Group is chartered [3] 
> to produce a new version of Canonical XML to address this 
> inconsistency.
> 
> 'XML Signature Syntax and Processing' requires 
> implementations to support C14N 1.0 [4]. C14N 1.0 is widely 
> supported [5] and used. In many cases, users only have access 
> to C14N 1.0 support.
> 
> If the WG wants to adopt the xml:id attribute in addition to 
> the wsu:Id attribute, we suggest amending the proposal to 
> include the following note of caution to Section 4.2:
> 
> "The use of xml:id attribute in conjunction with Canonical 
> XML 1.0 is inappropriate as described in Appendix C of xml:id 
> Version 1.0 [XMLID] and thus this combination must be avoided 
> (see [C14NNOTE]). For example, a policy expression identified 
> using xml:id attribute should not be signed using XML Digital 
> Signature when Canonical XML 1.0 is being used as the 
> canonicalization method." Where, C14NNOTE is a non-normative 
> reference to [2].
> 

It appears you are adding a friendly amendement to the proposal. That is fine with me. 

> [1] http://www.w3.org/TR/2005/REC-xml-id-20050909/#impact
> [2] http://www.w3.org/2006/04/c14n-note/c14n-note.html#S3
> [3] http://www.w3.org/2005/02/xml-core-wg-charter.html#deliverables
> [4] http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/#sec-c14nAlg
> [5] http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html 
>     http://www.w3.org/Signature/2000/10/10-c14n-interop.html
> 
> Regards,
> 
> Asir S Vedamuthu
> Microsoft Corporation
> 

--umit

> ________________________________________
> From: public-ws-policy-request@w3.org 
> [mailto:public-ws-policy-request@w3.org] On Behalf Of Yalcinalp, Umit
> Sent: Tuesday, July 25, 2006 1:54 PM
> To: public-ws-policy@w3.org
> Subject: NEW ISSUE: The framework specification should enable 
> usage of xml:id
> 
> 
> Title: The framework specification should also enable the 
> usage of xml:id 
> Description: 
> The WS-Policy Framework specification uses wsu:id element to 
> designate identification for elements[WS-Policy]. W3C also 
> published xml:id document that allows the same use [XMLID] 
> that is a recommendation. Currently, the WS-Policy 
> specification does not use the xml:id mechanism for uniquely 
> identifying XML elements and relies on the WSS definition of 
> id mechanism. 
> Justification: 
> The purpose of the xml:id specification is to have unique 
> element identifiers to be recognized by all conformant XML 
> processors. Currently, WS-Policy relies on WS-Security 
> specification for generating URI references instead and 
> requires the framework providers to recognize this alternate 
> mechanism for processing references. As xml:id will be 
> adopted, the support of xml:id in all XML processors may 
> require WS-Policy to also allow utilization of xml:id. 
> Further, the specification does not clarify whether the 
> xml:id is permissable as an identification mechanism for a 
> WS-Policy expression. 
> Target: Section 4.2 of the WS-Policy, Appendix A. 
> Proposal: 
> Allow xml:id as a permissible mechanism for identifying 
> policy expressions in addition to wsu:Id 
> 1. Replace 
> {/wsp:Policy/@wsu:Id 
> The identity of the policy expression as an ID within the 
> enclosing XML document. If omitted, there is no implied 
> value. To refer to this policy expression, a URI-reference 
> MAY be formed using this value per Section 4.2 of WS-Security 
> [WS-Security 2004].}
> 
> 
> With 
> /wsp:Policy/{@wsu:Id | @xml:id} 
> The identity of the policy expression as an ID within the 
> enclosing XML document. If omitted, there is no implied 
> value. To refer to this policy expression, a URI-reference 
> MAY be formed using this value per Section 4.2 of WS-Security 
> [WS-Security 2004] when @wsu:Id is used. 
> 2. Repeat last example in Section 4.2 using xml:id in 
> addition to wsu:id (last paragraph of Section 4.2) to 
> illustrate the form. This is purely editorial. 
> 3. Add normative reference to xml:id [XMLID] in A.1.  
> Personal Note: 
> I have chosen to retain the reference on wsu:Id given the 
> expected schedule of the publication rather than removing it 
> due to existing support on this attribute in the existing 
> implementations. 
> We could also add a note in the framework/primer when it is 
> not desirable to use xml:id but rely on wsu:id if the wg 
> feels that is necessary. 
> --umit 
> [XMLID] http://www.w3.org/TR/xml-id/ 
> [WS-Policy] 
> http://dev.w3.org/cvsweb/~checkout~/2006/ws/policy/ws-policy-f
ramework.html?content-type=text/html;%20charset=utf-8
> 
> ---------------------- 
> Dr. Umit Yalcinalp 
> Architect 
> NetWeaver Industry Standards 
> SAP Labs, LLC 
> Email: umit.yalcinalp@sap.com Tel: (650) 320-3095 
> SDN: https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/u/36238 
>

Received on Tuesday, 15 August 2006 00:33:15 UTC