xml:id and Canonical XML from Norman Walsh on 2005-01-24 (public-xml-core-wg@w3.org from January 2005)

From: Norman Walsh <Norman.Walsh@Sun.COM>
Date: Mon, 24 Jan 2005 12:46:07 -0500
To: public-xml-core-wg@w3.org
Message-id: <87ekgaaffk.fsf@nwalsh.com>
Elliotte sent this to the xml:id comments list. I think we'll need to
talk about it on Wednesday.

AFAICS, it's not our problem to fix (the canonicalization spec is
broken) but I think Elliotte is right, we do owe the reader a pointer
to the problem.

/ Elliotte Harold <elharo@metalab.unc.edu> was heard to say:
| I just noticed a major conceptual mismatch between canonical XML and
| xml:id. The problem occurs when calculating the canonical form of a
| document subset. The issue is that each nearest attribute in the XML
| namespace are added to elements from the subset if the original ancestor
| elements that provided those attributes are not present. For instance,
| consider this document:
|
| <root xml:id="p1">
|    <child />
| </root>
|
| Now suppose we canonicalize this document with the XPath expression //child
| to select a subset. Then resulting canonical form is:
|
| <child xml:id="p1"></child>
|
| Worse yet, suppose we start with this input document and use the same XPath
| expression:
|
| <root xml:id="p1">
|    <child />
|    <child />
|    <child />
| </root>
|
| What comes out is:
|
| <child xml:id="p1"></child>
| <child xml:id="p1"></child>
| <child xml:id="p1"></child>
|
| Duplicate IDs!
|
| I think the canonical XML spec clearly intended that all attributes in the
| XML namespace have scope over their descendants, but that's not really true
| for xml:id.
|
| This probably has downstream implications for XML digital signatures and
| XML encryption, both of which depend on canonicalization.
|
| Exclusive XML canonicalization does not inherit xml: attributes, and so
| does not have this problem.
|
| I am not sure what to suggest as a fix. It is still possible to
| canonicalize a document that uses xml:id. However, the results could be
| quite unexpected and perhaps dangerous.
|
| I wish I had a good answer here. I don't. I do think this should be
| discussed, and whatever resolution is reached needs to be called out in the
| spec to warn people about this.
|
| -- 
| Elliotte Rusty Harold  elharo@metalab.unc.edu
| XML in a Nutshell 3rd Edition Just Published!
| http://www.cafeconleche.org/books/xian3/
| http://www.amazon.com/exec/obidos/ISBN=0596007647/cafeaulaitA/ref=nosim

                                        Be seeing you,
                                          norm

-- 
Norman.Walsh@Sun.COM / XML Standards Architect / Sun Microsystems, Inc.
NOTICE: This email message is for the sole use of the intended
recipient(s) and may contain confidential and privileged information.
Any unauthorized review, use, disclosure or distribution is prohibited.
If you are not the intended recipient, please contact the sender by
reply email and destroy all copies of the original message.
Received on Monday, 24 January 2005 17:46:31 UTC