Re: Normative reference to URI spec from Frederick Hirsch on 2007-08-06 (public-xmlsec-maintwg@w3.org from August 2007)

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Mon, 6 Aug 2007 18:46:42 -0400
To: ext Thomas Roessler <tlr@w3.org>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, public-xmlsec-maintwg@w3.org
Message-Id: <113037DE-7714-488D-ADAF-50E6992A7229@nokia.com>

The revised text in the editors draft of XML Signature in Section  
4.3.3.2 The Reference Processing Model
[1] says

"In this specification, a 'same-document' reference is defined as a  
URI-Reference that does not contain a URI. [URI]"

This is very clear in the context of section 4 of RFC 2396 but may  
not be so obvious in the context of RFC 3986, yet another related  
proposal is to remove reference to RFC 2396 and replace it with a  
reference to RFC 3986.

Thus I propose the following revision of this sentence:

"In this specification, a 'same-document' reference is defined as a  
URI-Reference that does not contain a URI, in other words a hash sign  
('#') followed by a fragment identifier [URI]."

In addition I suggest we change the References section to replace the  
reference for URI with

RFC 3986. Uniform Resource Identifiers (URI): Generic Syntax. T.  
Berners-Lee, R. Fielding, L. Masinter. January 2005. http:// 
www.ietf.org/rfc/rfc3986.txt

and replace "RFC 2396" with "RFC 3986" in section 4.3.3.1 (2 places).

regards, Frederick

Frederick Hirsch
Nokia
[1] http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec- 
ReferenceProcessingModel



regards, Frederick

Frederick Hirsch
Nokia


On Jul 17, 2007, at 10:51 AM, ext Thomas Roessler wrote:

>
> Section 4.3.3.2, Reference Processing Model
> http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec- 
> ReferenceProcessingModel
>
> As an aside, there's some language in 4.3.3.2 that references the
> URI spec for the definition of a "same-document URI-Reference."
>
> Unfortunately, the meaning of that has changed between the URI spec
> that is referenced in xmldsig-core and the currently valid one (RFC
> 2396 vs. RFC 3986): Same-document references are now (in RFC 3986)
> defined in terms of the base URI; the purely syntactic definition
> ("URI references with an empty URI", i.e., just a fragment
> identifier) from RFC 2396 is no longer there.
>
> However, XML Signature relies on that syntactic definition and
> actually replays it in the specification text to a large extent. I'd
> therefore propose to explicitly say that, for the purposes of
> xmldsig-core, we mean a URI Reference with no URI part (thereby
> replaying the syntactic definition from 2396); the current editor's
> draft includes that change.
>
> We can then go on to bump the normative reference from 2396 to 3986.
>
> Regards,
> -- 
> Thomas Roessler, W3C  <tlr@w3.org>
>

Received on Monday, 6 August 2007 22:46:53 UTC