- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Wed, 27 Oct 1999 17:37:29 -0400
- To: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
- Cc: timbl@w3.org
As we all know, we are presently using URNs for algorithm identifiers that are non-sensical -- they do not exist; they have not been registered. Assignment of a URN is a managed process. I.e., not all strings that conform to URN syntax are necessarily valid URNs. A URN is assigned according to the rules of a particular namespace (in terms of syntax, semantics, and process). [1] ftp://ftp.isi.edu/in-notes/rfc2611.txt Of course, we've needed some space fillers in our draft until we come up with something better. To that end (something better), I've been looking at the various policies of institutions and even have a potential syntactical solution that might help our situation. In referencing W3C specifications we are ok. While verbose, the W3C uses the dated name (URL) of a specification to reference the semantics of that specification. RFC2611 [1] specifies how to register/request a URN from IANA if we need to do so (though I prefer W3C namespace in the XML context) but we can't yet refer to other IETF semantics using URNs. The IETF URN Working Group charter [2] lists an Informational RFC proposal [3] regarding the allocation of IETF URNs to RFCs, but there is still no governing policy to my knowledge. [2] http://www.ietf.org/html.charters/urn-charter.html [3] ftp://ftp.isi.edu/in-notes/rfc2648.txt And of course, this says nothing of other institutions like RSA, ISO, etc. When I was speaking with Tim Berners-Lee and Dan Connolly about this issue we agreed that "making up" URNs defeats the purpose of URNs: ensuring integrity, persistence, and non-collission based institutional management of that namespace. The WG needs to use registered URNs, or create our own and then define which references apply to which tokens in that name space. Dan and Tim suggested something that I think interesting if I understand it properly. We might have attributes that look like: <DigestValue IETF:base64="a23bcd43"> Or, we could try something along the lines of nesting <Signature xmlns="http://www.w3.org/1999/10/signature-core"> xmlns:IETF="http://www.w3.org/1999/10/signature-core/IETF" <SignedInfo id="a"> <ObjectReference Location="http://www.ietf.org"> <c14n> <IETF:sha1> <IETF:base64>a23bcd43</base64> </IETF:sha1> </c14n> </ObjectReference> and in the spec we define what signarure-core/IETF or /NIST means via a normative reference. What would really be nice is the ability to have qualified attribute values! Like: <DigestValue Algorithm="IETF:base64">a23bcd43</DigestValue> This feature is not in the present XML Schema WD [4]. However, the Schema WG Chair tells me they expect to have this in the next or following draft. [4] http://www.w3.org/TR/1999/WD-xmlschema-1-19990924/ Any other thoughts? I don't know how the IESG will react, but I've been told that W3C will not look kindly upon bogus URNs. (A further request on XML Schemas follows in the next message.) _________________________________________________________ Joseph Reagle Jr. Policy Analyst mailto:reagle@w3.org XML-Signature Co-Chair http://w3.org/People/Reagle/
Received on Wednesday, 27 October 1999 17:37:33 UTC