- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Wed, 27 Oct 1999 17:37:29 -0400
- To: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
- Cc: timbl@w3.org
As we all know, we are presently using URNs for algorithm identifiers that
are non-sensical -- they do not exist; they have not been registered.
Assignment of a URN is a managed process.
I.e., not all strings that conform to URN syntax are necessarily
valid URNs. A URN is assigned according to the rules of a
particular namespace (in terms of syntax, semantics, and process).
[1] ftp://ftp.isi.edu/in-notes/rfc2611.txt
Of course, we've needed some space fillers in our draft until we come up
with something better. To that end (something better), I've been looking at
the various policies of institutions and even have a potential syntactical
solution that might help our situation.
In referencing W3C specifications we are ok. While verbose, the W3C uses the
dated name (URL) of a specification to reference the semantics of that
specification.
RFC2611 [1] specifies how to register/request a URN from IANA if we need to
do so (though I prefer W3C namespace in the XML context) but we can't yet
refer to other IETF semantics using URNs. The IETF URN Working Group charter
[2] lists an Informational RFC proposal [3] regarding the allocation of IETF
URNs to RFCs, but there is still no governing policy to my knowledge.
[2] http://www.ietf.org/html.charters/urn-charter.html
[3] ftp://ftp.isi.edu/in-notes/rfc2648.txt
And of course, this says nothing of other institutions like RSA, ISO, etc.
When I was speaking with Tim Berners-Lee and Dan Connolly about this issue
we agreed that "making up" URNs defeats the purpose of URNs: ensuring
integrity, persistence, and non-collission based institutional management of
that namespace. The WG needs to use registered URNs, or create our own and
then define which references apply to which tokens in that name space.
Dan and Tim suggested something that I think interesting if I understand it
properly. We might have attributes that look like:
<DigestValue IETF:base64="a23bcd43">
Or, we could try something along the lines of nesting
<Signature xmlns="http://www.w3.org/1999/10/signature-core">
xmlns:IETF="http://www.w3.org/1999/10/signature-core/IETF"
<SignedInfo id="a">
<ObjectReference Location="http://www.ietf.org">
<c14n>
<IETF:sha1>
<IETF:base64>a23bcd43</base64>
</IETF:sha1>
</c14n>
</ObjectReference>
and in the spec we define what signarure-core/IETF or /NIST means via a
normative reference.
What would really be nice is the ability to have qualified attribute values!
Like:
<DigestValue Algorithm="IETF:base64">a23bcd43</DigestValue>
This feature is not in the present XML Schema WD [4]. However, the Schema
WG Chair tells me they expect to have this in the next or following draft.
[4] http://www.w3.org/TR/1999/WD-xmlschema-1-19990924/
Any other thoughts? I don't know how the IESG will react, but I've been told
that W3C will not look kindly upon bogus URNs. (A further request on XML
Schemas follows in the next message.)
_________________________________________________________
Joseph Reagle Jr.
Policy Analyst mailto:reagle@w3.org
XML-Signature Co-Chair http://w3.org/People/Reagle/
Received on Wednesday, 27 October 1999 17:37:33 UTC