ACTION-434: Propose "final" disposition of Referencing syntax from Scott Cantor on 2009-11-30 (public-xmlsec@w3.org from November 2009)

From: Scott Cantor <cantor.2@osu.edu>
Date: Mon, 30 Nov 2009 17:00:33 -0500
To: "'XMLSec WG'" <public-xmlsec@w3.org>
Message-ID: <077101ca7208$8a10ebb0$9e32c310$@2@osu.edu>

I took an action to review the old and new Signature reference models and
propose an approach for 2.0 to harmonize things as best we can. As part of
that action, I read the original Reference model text pretty closely, and it
turns out that we're going to end up having to change the Reference model no
matter what, or we have to continue to support the esoterica in there about
the differences between #foo and #xpointer('foo'), because of the way
comment nodes get handled in those two cases.

Since we clearly want comments to be signable in the new model, we have to
support same-document references that don't throw away comments, and right
now that's handled by special rules for to those two approaches. To fix that
complexity, which I am in favor of because that's totally bizarre, we'd have
to change the existing rules when in the presence of the new Transform.

If we do that, then we may as well just accept that we can also change the
rule about not allowing more than one Reference without a URI and avoid this
mess the way Pratik originally suggested, namely let's just omit URI from
the Reference when using the new Transform and make it part of the Selection
element.

I was against that aesthetically at the time, but I think I've changed my
mind. Pratik probably understood this better than I did. The best way to
avoid making things even more complex compatibility-wise is to signal the
new approach cleanly, and I think moving the URI down does that pretty well.
That gets us away from all the existing Reference/@URI text and we can just
leave that there for compatibility without having to make it even more
convoluted.

With that said, if people agree on this, I'm willing to draft up some schema
(based on Pratik's) and suggested text for the new Transform and some
language to adjust the meaning of a missing URI up top. In particular, we
can be explicit about exactly what URI syntaxes to allow (and xpointer need
not apply).
 
If people want further discussion, then I'll hold off on that until this is
decided.

-- Scott

Received on Monday, 30 November 2009 22:01:17 UTC