- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Thu, 28 Oct 1999 18:38:06 -0400
- To: "Jim Schaad (Exchange)" <jimsch@EXCHANGE.MICROSOFT.com>
- Cc: "W3c-Ietf-Xmldsig (E-mail)" <w3c-ietf-xmldsig@w3.org>
At 14:49 99/10/28 -0700, Jim Schaad (Exchange) wrote: >The use of Location="" to refer to the entire document appears to me to be >potentially troublesome in work flow applications. When one starts >including or moving forward signed documents, add other items (including >other signatures) and so forth. Using Location="" to refer to the >containing document has now rather drastically changed its meaning and its >not clear that the same set of items can be found again except potentially >by explicit inclusion (rather than exclusion). I can understand this concern and if I sympathized with it, I would recommend we not permit "" instead of trying to redefine something defined by the URI spec. (Even not permitting it is a sort of abuse.) However, this problem is not unique to us, a URI is an identifier for a resource, sometimes the content of a URI changes. (Your issue applies regardless if its a "Same-document reference" [2] or URI reference). The URI Location="" is still a completely non-ambigous URI: "Axiom2: It doesn't matter to whom or where you specify that URI, it will have the same meaning." [1] http://www.w3.org/DesignIssues/Axioms.html [2] http://www.ietf.org/rfc/rfc2396.txt (section 4.2) If you use Location="" followed by some transforms that John has described that only "selects" those things you care about, people add other signatures, your Location="" still will mean the same thing. Again, this is the same if the location points to a fully specified URI reference. >I assume that when this statement is made that the omission of the Location >element is absent that it is equivalent to <Location HREF="">. We've stated that the ommission of <Location HREF=""> means it is known by the application context. I assume we would to capture this same semantic if we end up with it as an attribute of ObjectReference. >Object of the Signature. These are the message that I am most worried about >size for, and would therefore like to be able to omit the Location reference >and still have it well understood what the location of the object is suppose >to be. <ObjectReference Location="5"> ... <Object ID="5"> I count 18 characters needed for this reference using this syntax (where location is an attribute, not its own element.) >It seems to me that we potentially need a couple of different types of >"labels" that are distinct within the location. Specifically would be "this >is a URI of one type" and "You (the application) know what this is really >suppose to be, find it for me" are two that spring to mind. Potentially the >root of the document could be represented as <Location DOC/>. I'm very hesitant of this approach, sound like we are trying to build our own URI or XLink or some such thing. _________________________________________________________ Joseph Reagle Jr. Policy Analyst mailto:reagle@w3.org XML-Signature Co-Chair http://w3.org/People/Reagle/
Received on Thursday, 28 October 1999 18:38:08 UTC