- From: Scott Cantor <cantor.2@osu.edu>
- Date: Fri, 3 Sep 2010 12:53:04 -0400
- To: "'Meiko Jensen'" <Meiko.Jensen@ruhr-uni-bochum.de>
- Cc: "'XMLSec WG Public List'" <public-xmlsec@w3.org>
> thanks for enlightening me. In that case, we're still not having any > progress in terms of fending namespace injection. I've reviewed the last > communications we had on this, and I ended up with the impression that we > had a tendency towards approaches #3 + #4 of my proposal in > http://lists.w3.org/Archives/Public/public-xmlsec/2010May/0027.html , > however, I found no explicit resolution on this. Maybe we still have to make > a decision here? I know if I were generating XPaths myself, I'd use #3 hands down. If we want to try and fix it explicitly while allowing for prefixes, than some variant of #4 is IMHO required. Note that it's a bit recursive....you probably end up with some kind of repeating element in #4 that identifies a QName that's in the XPath expression, and then you probably reference *that* element as a QName-valued element in the QNameAware option. Did I mention QNames are a bad thing...? -- Scott
Received on Friday, 3 September 2010 16:53:39 UTC