- From: Pratik Datta <pratik.datta@oracle.com>
- Date: Sat, 16 Oct 2010 16:35:40 -0700 (PDT)
- To: Scott Cantor <cantor.2@osu.edu>, public-xmlsec@w3.org
I have updated the schema based on the first option, where each IDAttribute mentions the ID referencing mechanism for that ID only. Have we resolved to go with this option?

Here is the schema snippet. This should close my ACTION-662. Also related to ACTION-647 and ACTION-661.

    <element name="Verification" type="dsig2:VerificationType"/>
    <complexType name="VerificationType">
      <sequence>
        <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
        <!-- The <dsig2:Verification> element can have any of the following
             subelements in any order, or have any user defined elements
          <element ref="dsig2:DigestDataLength"/>
          <element ref="dsig2:PositionAssertion"/>
          <element ref="dsig2:IDAttributes"/>
        -->
      </sequence>
    </complexType>

    <element name="DigestDataLength" type="integer"/>

    <element name="PositionAssertion" type="string"/>

    <element name="IDAttributes" type="dsig2:IDAttributesType"/>
    <complexType name="IDAttributesType">
      <choice>
        <element name="QualifiedID">
          <complexType>
            <attribute name="name" type="string" use="required"/>
            <attribute name="ns" type="string" use="required"/>
          </complexType>
        </element>
        <element name="UnqualifiedID">
          <complexType>
            <attribute name="name" type="string" use="required"/>
            <attribute name="parentname" type="string" use="required"/>
            <attribute name="parentns" type="string" use="required"/>
          </complexType>
        </element>
      </choice>
    </complexType>

-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu]
Sent: Thursday, August 26, 2010 7:18 AM
To: Pratik Datta; public-xmlsec@w3.org
Subject: RE: ACTION-581: proposal around IDness of attributes

> Since this element is per reference, should the signer precisely specify how
> the ID was specified, or give a generic list of ID attribute definitions?

The latter, because of the option to use them in XPath selections. If you remove that aspect from the XPath subset you're allowing, then I would say we can switch it to one and optimize the syntax.

> E.g. let us say the first reference uses xml:Id and the second uses wsu:ID.
> Does the signer have to put in xml:Id for the first and wsu:ID for the
> second, or can he put in both for both references? The second option is
> imprecise, but it is easier for the signer, he can just list out all the
> Id mechanisms that he normally uses, and not precisely specify which one he
> is using for a particular reference. However the first option is better for
> the verifier and that is what I have assumed.

Either is fine, IMHO. I would probably use text like "if the selection URI or XPath expressions include the use of an ID attribute, the signer SHOULD identify all such attributes using the dsig2:IDAttributes element".

-- Scott
Received on Saturday, 16 October 2010 23:36:42 UTC
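
An added example, not part of the message above or of the working group's code: a sketch of how a verifier could use one `dsig2:IDAttributes` declaration to resolve a same-document reference without a DTD or schema, refusing to choose when zero or several elements match. Assumptions: the `DSIG2` namespace URI is a placeholder (the message does not give it), the local `QualifiedID`/`UnqualifiedID` elements are namespace-qualified, `ns`/`name` name a qualified attribute while `parentns`/`parentname` name the owning element of an unqualified one, and the sample document is constructed.

```python
import xml.etree.ElementTree as ET

DSIG2 = "urn:example:dsig2"  # assumption: placeholder, real namespace URI is not in the message

def _clark(ns, name):
    """ElementTree name for (namespace, local name); empty ns means no namespace."""
    return f"{{{ns}}}{name}" if ns else name

def parse_id_attributes(elem):
    """Read one dsig2:IDAttributes element; returns (attribute name, owner tag or None)."""
    children = list(elem)
    if len(children) != 1:  # the schema's <choice> allows exactly one declaration
        raise ValueError("IDAttributes must contain exactly one declaration")
    c = children[0]
    if c.tag == _clark(DSIG2, "QualifiedID"):
        return _clark(c.attrib["ns"], c.attrib["name"]), None
    if c.tag == _clark(DSIG2, "UnqualifiedID"):
        owner = _clark(c.attrib["parentns"], c.attrib["parentname"])
        return c.attrib["name"], owner
    raise ValueError(f"unknown ID declaration {c.tag}")

def resolve(root, fragment, decl):
    """Return the single element whose declared ID attribute equals fragment."""
    attr, owner = decl
    hits = [e for e in root.iter()
            if (owner is None or e.tag == owner) and e.get(attr) == fragment]
    if len(hits) != 1:  # zero or several matches: refuse to pick one
        raise ValueError(f"{len(hits)} elements carry ID {fragment!r}")
    return hits[0]

# Constructed sample input: one qualified ID, one unqualified ID that only
# counts on app:Order, and a duplicated qualified ID value.
DOC = ET.fromstring(
    '<Envelope xmlns:wsu="urn:example:wsu" xmlns:app="urn:example:app">'
    '<Body wsu:Id="b1"/><app:Order id="o1"/><app:Note id="o1"/>'
    '<Extra wsu:Id="dup"/><Extra wsu:Id="dup"/></Envelope>')
QUALIFIED = ET.fromstring(
    f'<d:IDAttributes xmlns:d="{DSIG2}">'
    '<d:QualifiedID name="Id" ns="urn:example:wsu"/></d:IDAttributes>')
UNQUALIFIED = ET.fromstring(
    f'<d:IDAttributes xmlns:d="{DSIG2}"><d:UnqualifiedID name="id" '
    'parentname="Order" parentns="urn:example:app"/></d:IDAttributes>')

if __name__ == "__main__":
    print(resolve(DOC, "b1", parse_id_attributes(QUALIFIED)).tag)
    print(resolve(DOC, "o1", parse_id_attributes(UNQUALIFIED)).tag)
```

Because the declaration is scoped to one reference, the `id="o1"` on `app:Note` is never treated as an ID for the second lookup, which is the precision for the verifier that the first option provides.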