- From: Pratik Datta <pratik.datta@oracle.com>
- Date: Mon, 30 Aug 2010 10:30:57 -0700 (PDT)
- To: Scott Cantor <cantor.2@osu.edu>, public-xmlsec@w3.org
I had intended our XPath streaming profile to be reusable, so that other specifications can also use it. E.g. we were planning for this to be shared with WS-Transfer. So it shouldn't have any dependencies on XML signature. I.e. XML signature 2.0 should depend on XPath profile for XML signature, but not the other way around. That is why think dsig2:IDAttributes should not be used by the XPath. This is what we are publishing for tomorrow * XPath profile includes the id() function, but says that IDs are only defined by DTDs. * XML signature 2.0 goes with option 1 - i.e the dsig2:IDAttributes should only have only one ID attribute definition - the one used by the reference But we can change it after further discussion. Pratik -----Original Message----- From: Scott Cantor [mailto:cantor.2@osu.edu] Sent: Thursday, August 26, 2010 7:18 AM To: Pratik Datta; public-xmlsec@w3.org Subject: RE: ACTION-581: proposal around IDness of attributes > Since this element is per reference, should the signer precisely specify how > the ID was specified, or give a generic list of ID attribute definitions? The latter, because of the option to use them in XPath selections. If you remove that aspect from the XPath subset you're allowing, then I would say we can switch it to one and optimize the syntax. > E.g. let us say the first reference uses xml:Id and the second uses wsu:ID. > Does the signer have to put in xml:Id for the first and wsu:ID front the > second, or can he put in both for both references? The second option is > imprecise, but it is easier for the signer, he can just say list out all the > Id mechanisms that he normally uses, and not precisely specify which one he > is using for a particular reference. However the first option is better for > the verifier and that is what I have assumed. Either is fine, IMHO. I would probably use text like "if the selection URI or XPath expressions include the use of an ID attribute, the signer SHOULD identify all such attributes using the dsig2:IDAttributes element". -- Scott
Received on Monday, 30 August 2010 17:35:02 UTC