- From: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>
- Date: Tue, 23 May 2006 19:46:31 +0200
- To: public-xml-core-wg@w3.org
- Cc: Jose Kahan <jose.kahan@w3.org>
- Message-ID: <44734A77.8020700@iaik.tugraz.at>
Dear all,
FYI.
here are a few thought's surrounding c14n and xml:base that are the
result from a discussion between Jose Kahan and myself on irc.
Jose expressed the view that some developers would expect a xml:base
treated by c14n should be an absolute URI.
I replied however that this would imply that many XMLDSIG signed files
can then only be verified in one location (i.e. if the xml:base becomes
absolute).
Jose asked, how should we solve the problem of an empty xml:base=""
after URI simplication?
I brought in, that xml:base="" is accordingly to the RFC 3986 section
4.4 and RFC 2396 section 4.2 interpreted as a same-document URI which
competes with the xml:base inheritance.
To understand the problem which is admittedly an edge case however we
think a very important one we'd like you to consider the following examples:
<a xml:base="something/">
<b xml:base="../">
</b>
</a>
and you remove a from the input node set to the c14n algorithm, we'd
have to receive the following
<b xml:base="something/../"></b>
which is not equivalent to
<b xml:base=""></b> cf. RFC 3986 section 4.4 and RFC 2396 section 4.2
however is equivalent to
<b xml:base="./"></b>
Jose, however argues that "./" would return the the directory of the
current document and hence is not usable for this.
Nevertheless I'm quite sure that it should behave as expected, cf. RFC
3986 section 5.4 and 5.4.1.
"""
[...]
http://a/b/c/d;p?q
[...]
"." = "http://a/b/c/"
"./" = "http://a/b/c/"
"""
best regards
Konrad Lanz
P.S.: Some more elaborate examples will follow now
<foo xml:base="abc/file.ext">
<a xml:base="something/">
<b xml:base="../../">
</b>
</a>
</foo>
with a being stripped out
<foo xml:base="abc/file.ext">
<b xml:base="../">
</b>
</foo>
if we however strip out foo and a we'd need to have something like
<b xml:base="abc/../">
</b>
which would be equivalent to
<b xml:base="./">
</b>
because b will inherit whatever was above foo.
However it may not inherit some file.ext of whatever base uri was
above foo.
Hence xml:base="./" (or xml:base="abc/../") would need to be rendered in
the case where the removal of dot-dot segments would result in the empty
string.
As the following is not equivalent
<b xml:base="">
</b>
Another Example:
<bar xml:base="http://www.iaik.tu-graz.ac.at/aboutus/people/lanz/index.php">
<foo xml:base=abc/file.ext>
<a xml:base="something/">
<b xml:base="../../">
</b>
</a>
</foo>
</bar>
foo and a being stripped off
<bar xml:base="http://www.iaik.tu-graz.ac.at/aboutus/people/lanz/index.php">
<b xml:base="./">
</b>
</bar>
i.e. b's xml:base would be
http://www.iaik.tu-graz.ac.at/aboutus/people/lanz/
which is not equivalent to
<bar xml:base="http://www.iaik.tu-graz.ac.at/aboutus/people/lanz/index.php">
<b xml:base="">
</b>
</bar>
i.e. b's xml:base would be
http://www.iaik.tu-graz.ac.at/aboutus/people/lanz/index.php
Another interesting question is if xml:base="" really refers to the same
document or if the parents xml:base is referred to:
Hence the following is not entirely well defined as there is a conflict
between same-document references uri="" and xml:base section 4.3 second
bullet point. http://www.w3.org/TR/xmlbase/#matching
<bar xml:base="http://www.iaik.tu-graz.ac.at/aboutus/people/lanz/index.php">
<foo xml:base=abc/file.ext>
<a xml:base="">
<b xml:base="">
</b>
</a>
</foo>
</bar>
foo and a being clipped out
<bar xml:base="http://www.iaik.tu-graz.ac.at/aboutus/people/lanz/index.php">
<b xml:base="">
</b>
</bar>
i.e. b's xml:base would be
http://www.iaik.tu-graz.ac.at/aboutus/people/lanz/abc/file.ext
bar, foo and a being clipped out
<b
xml:base="http://www.iaik.tu-graz.ac.at/aboutus/people/lanz/abc/file.ext">
</b>
would be the natural behavior.
--
Konrad Lanz, IAIK/SIC - Graz University of Technology
Inffeldgasse 16a, 8010 Graz, Austria
Tel: +43 316 873 5547
Fax: +43 316 873 5520
https://www.iaik.tugraz.at/aboutus/people/lanz
http://jce.iaik.tugraz.at
Certificate chain (including the EuroPKI root certificate):
https://europki.iaik.at/ca/europki-at/cert_download.htm
Received on Tuesday, 23 May 2006 17:46:45 UTC