RE: ACTION-581: proposal around IDness of attributes from Pratik Datta on 2010-10-16 (public-xmlsec@w3.org from October 2010)

From: Pratik Datta <pratik.datta@oracle.com>
Date: Sat, 16 Oct 2010 16:35:40 -0700 (PDT)
To: Scott Cantor <cantor.2@osu.edu>, public-xmlsec@w3.org
Message-ID: <70330975-b47c-4026-8c60-97ffa9acd3b9@default>

I have updated the schema based on the first option, where each IDAttribute mentions the ID referencing mechanism for that ID only. Have we resolved to go with this option?


Here is the schema snippet.   This should close my ACTION-662.  Also related to ACTION-647 and ACTION-661

	<element name="Verification" type="dsig2:VerificationType"/>
	<complexType name="VerificationType">
        <sequence>
            <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
            <!--
                The <disg2:Verification> element can have any of the following subelements in any order,  or have any user defined elements
               <element ref="disg2:DigestDataLength">
               <element ref="dsig2:PositionAssertion">
               <element ref="disg2:IDAttributes">
            -->
        </sequence>
	</complexType>
	<element name="DigestDataLength" type="integer"/>
	<element name="PositionAssertion" type="string"/>
	<element name="IDAttributes" type="dsig2:IDAttributesType"/>
	<complexType name="IDAttributesType">
	   <choice>
	       <element name="QualifiedID">
	           <complexType>
	               <attribute name="name" type="string" use="required"/>
	               <attribute name="ns" type="string" use="required"/>
	           </complexType>
	       </element>
           <element name="UnqualifiedID">
               <complexType>
                   <attribute name="name" type="string" use="required"/>
                   <attribute name="parentname" type="string" use="required"/>
                   <attribute name="parentns" type="string" use="required"/>
               </complexType>
           </element>
	   </choice>
	</complexType>

-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu] 
Sent: Thursday, August 26, 2010 7:18 AM
To: Pratik Datta; public-xmlsec@w3.org
Subject: RE: ACTION-581: proposal around IDness of attributes

> Since this element is per reference, should the signer precisely specify
how
> the ID was specified, or give a generic list of ID attribute definitions?

The latter, because of the option to use them in XPath selections. If you
remove that aspect from the XPath subset you're allowing, then I would say
we can switch it to one and optimize the syntax.

> E.g. let us say the first reference  uses xml:Id and the second uses
wsu:ID.
> Does the signer have to put in xml:Id  for the first and wsu:ID front the
> second, or can he put in both for both references? The second option is
> imprecise, but it is easier for the signer, he can just say list out all
the
> Id mechanisms that he normally uses, and not precisely specify which one
he
> is using for a particular reference. However the first option is better
for
> the verifier and that is what I have assumed.

Either is fine, IMHO. I would probably use text like "if the selection URI
or XPath expressions include the use of an ID attribute, the signer SHOULD
identify all such attributes using the dsig2:IDAttributes element".

-- Scott

Received on Saturday, 16 October 2010 23:36:42 UTC