- From: John Boyer <jboyer@PureEdge.com>
- Date: Wed, 16 Aug 2000 11:19:46 -0700
- To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
- Cc: <xml-names-editor@w3.org>, <www-xml-infoset-comments@w3.org>, "XML DSig" <w3c-ietf-xmldsig@w3.org>
Dear Don,
I can appreciate that you would like to characterize my explorations of this
topic as those of a "narrow-minded programmer" who should simply learn to
"be happy with the under-specified fuzzyness [sic] of it all".
However, as you well know, there are few things in this world that are more
narrow in acceptance of change than a sha-1 hash. Ultimately, our
processing model boils down to taking a digital digest of some information.
The job of the implementers is to cut through that fuzziness and tell the
computer to do something specific. If two implementers cut through that
fuzziness in different ways, the result is non-interoperable
implementations.
Perhaps I've spent too long at the business end of the whip wielded by QA
teams who do things like
...
<dsig:Reference xmlns:dsig="&dsig;" URI="#X" dsig:URI="#Y>
...
If my implementation picks up URI and your implementation picks up dsig:URI,
then only one of us will correctly validate this beastly signature.
Below you state, "If the text documenting N and/or E doesn't tell you what
to do here, you get to toss a coin or something." Tossing a coin undermines
the interoperability that is supposedly the cornerstone of XML. The 'if'
part of your statement should not be true for any application of XML, and
therefore not for XML DSig in particular.
As for the issue of why unqualified attributes do not simply default to the
namespace of their parent element, I have been trying to find out from "the
XML authorities" why they did not do it this way because the way they did it
is so specific that it belies intent. If we toss a coin and pick a
processing model, it may be in violation of their intent. We don't know
unless one of them gives the reason.
Finally, I would add that everything you say below justifies a design in XML
Names that applies an element's namespace to its unqualified attributes.
The fact that it was not this way is the original point that took both
Gregor and me by surprise. Why is it characterized as 'narrow-minded' to
ask a public working consortium to explain why a very specific feature was
added when it is somewhat contrary to reason and when noone can explain it
except to accuse the interrogator of narrow-mindedness for not processing it
in the way that it would be processed if the design were as we expected it?
Further specific points and answers to your questions are below.
Thanks for your continued patience,
John Boyer
Development Team Leader,
Distributed Processing and XML
PureEdge Solutions Inc.
Creating Binding E-Commerce
v: 250-479-8334, ext. 143 f: 250-479-3772
1-888-517-2675 http://www.PureEdge.com <http://www.pureedge.com/>
-----Original Message-----
From: Donald E. Eastlake 3rd [mailto:dee3@torque.pothole.com]
Sent: Wednesday, August 16, 2000 9:47 AM
To: John Boyer
Cc: xml-names-editor@w3.org; www-xml-infoset-comments@w3.org; XML DSig
Subject: Re: Determining attribute uniqueness seems to require namespace
prefix in Infoset
Hi John,
From: "John Boyer" <jboyer@PureEdge.com>
To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>,
"Joseph Reagle" <reagle@w3.org>
Cc: <xml-names-editor@w3.org>, <www-xml-infoset-comments@w3.org>,
"XML DSig" <w3c-ietf-xmldsig@w3.org>
Date: Fri, 11 Aug 2000 17:13:09 -0700
Message-ID: <BFEDKCINEPLBDLODCODKEEFCCEAA.jboyer@PureEdge.com>
In-Reply-To: <200008112057.QAA06998@torque.pothole.com>
>Hi Don,
>
>I see where you are coming from now, and it is both interesting and
correct,
>but it means we need to be saying something more in DSig, if not in XML
>Names.
>
>The appendix refers to the attributes as 'unqualified'. The section is not
>saying that unqualified attributes are qualified by per element partitions
>(because then it wouldn't be unqualified). Instead, because it is
>non-normative, it is saying that one is free to look at it this way if it
>makes one feel better.
>
>The implication is that "per element partitions" don't really exist and
need
>not be supported by conforming applications. In other words, the material
>on per element partitions is a convoluted way of saying that the only thing
>which matters is that an attribute appears within an element and should
>therefore be processed as though it were in that element's namespace unless
But the attribute is NOT "directly" in the element's namespace. It is
in orbit around that element where the full coordinates of the element
includes the elements namespace.
>it has a non-empty namespace other than the element's. As well, I think
>this is what you are saying.
>
>Unfortunately, it actually does matter quite a bit. For starters, suppose
>you have an HTML anchor with two hrefs, one unqualified and the other in
the
>HTML namespace. Which does one use? Put in another more general way,
given
Why would there be an href qualified by a namespace?
<john>
It was a specific example of this more general case.
It doesn't matter why someone would do it; what matters is that they can do
it, which opens the question of what our software should do about it.
</john>
>element E in namespace N, if one wants to obtain attribute A from E, which
>of the following processing models is correct?
>
>1) Attr = (N:E).get(N, A)
>2) if Attr is null, Attr = (N:E).get("", A)
>
>or
>
>1) Attr = (N:E).get("", A)
>2) if Attr is null, Attr = (N:E).get(N, A)
The attitude of the XML authorities seems to be "Most of the time it
doesn't matter and where it does the documentation for N:E should tell
you and if it doesn't mention it, then maybe the second processing
model is better, but it really doesn't matter much and you should stop
being such a narrow minded programmer and being so algorithmic and be
happy with the under-specified fuzzyness of it all."
<john>
Fortunately, none of the other XML authorities choose to be so directly
insulting.
Hopefully the message above helps to clear up why this issue remains a
concern.
</john>
>It makes a difference if the XML is <N:E xmlns:N="N" A="2" N:A="1">. The
>first model gives the attribute whose value is 1, and the second model
gives
>the attribute whose value is 2.
The fuzzy handwaving implications of the wording used in the XML
Namespaces specification is that N:A should be some sort of global
attribute which can appear in many elements while plain A is some sort
of normal local attribute to N:E. If the text documenting N and/or E
doesn't tell you what to do here, you get to toss a coin or something.
<john>
Coin tosses undermine interoperability.
The problem here is what to do when the local A and the global N:A are both
allowed in the same element.
</john>
>I don't think this can be explained away as a simple differing viewpoint
>because I don't agree that all applications process attributes solely
within
>the context of the parent element. The prime example of this is XSLT,
which
>uses XPath for template matching.
What I meant to say was that it is a matter of point of view if you
consider attributes without prefixes to be in no namespace and to be
defined relative to their element or you considered them to have a
globally unique name composed of their name, their element's local
name, and their element's namespace if any. The first point of view
says they are not in any namespace while the second point of view
implies they are, in some sense, in their element's namespace,
although not directly in that namespace.
<john>
There are some XML authorities like Tim B-L who feel that namespace
qualification is an important method for assigning unambiguous meaning to
XML. With both viewpoints, the unqualified attribute is NOT DIRECTLY in the
namespace.
Still, this is beside the point. The point remains that the processing
model for an element can govern the type of XPath expression one writes to
match nodes based on the effect they will have when processed.
</john>
>Lets compare the following four occurences of an element E by considering
>the xsl-template's XPath expression that must match E based on whether the
>value of an attribute A is 'test':
>
>1) <N1:E xmlns:N1="http://www.w3.org" xmlns:N2="http://www.PureEdge.com"
>A="test"/>
>2) <N1:E xmlns:N1="http://www.w3.org" xmlns:N2="http://www.PureEdge.com"
>N2:A="test"/>
>3) <N1:E xmlns:N1="http://www.w3.org" xmlns:N2="http://www.PureEdge.com"
>N1:A="Yikes" N2:A="test"/>
>4) <N1:E xmlns:N1="http://www.w3.org" A="test" N1:A="Yikes"/>
>
>The xsl-template cannot simply try to match on the local name A or else
>element E in #2 would be matched, which is clearly not intended. If we add
>to the XPath test a call to namespace-uri() to match the URI for N1, then
#3
>works but #1 doesn't. If we add a test that finds the local name of A and
a
>namespace-uri() that is either blank or equal to the URI for N1, then #1 -
>#3 work as expected, but #4 has two attributes that match the test.
Aren't XPath node tests by QName? If you specify the namespace, it
will only look at N1:A, if you don't specify any namespace, it will
only look at A, right?
<john>
Yes, exactly. It's not a question of how an XPath expression should be
written. It's a question of which XPath expression one should write. The
XPath expression is dependent upon the processing rules for the target
application. As you so eloquently put it above, the processing rules may be
based on a coin toss, which means that creating an XPath expression is
non-deterministic.
</john>
>If the claim is true that attributes should be processed within the context
>of the parent, then A="test" would indicate that the xsl-template should
>match N1:E in #4. However, N1:A is clearly the attribute A in element E's
>namespace, so for the purposes of the primary processing application for
the
>N1 namespace, N1:A and A are duplicates.
N1:A is A directly in namespace N1. It is qualified only by N1. A is
defined to be different because, while it can be viewed as qualified
by both E and N1 and it is defined as not being directly in namespce
N1.
<john>
I understand this. Hopefully it is now evident that this has nothing to do
with the problem.
</john>
>Personally, I don't believe in duplicate attributes. The normative part of
>XML Names makes it clear that the attributes are not duplicates in name
>(which is a well-formedness requirement of XML), but if the non-normative
>part of the spec invents some concept that makes the two attributes equal
>for the purposes of processing, then a precedence must be specified. Which
>one has precedence? Until we know this, the proper xsl-template cannot be
>written.
Why do you say that the non-normative part "makes the two attributes
equal for the purposes of processing"? It distinguishes them by
saying that one is in the Per-Element-Type attribute partition
associated with that element of the namesapce while the other is in
the Global attribute partition of the namesapce.
<john>
It would be helpful if you could specify how this partitioning changes the
way the attributes should be processed. Based on your discourse above, N1:A
and A are differentiated by nothing more than a coin toss unless a
particular processing behavior is specified by the application. Are you now
saying that there is a standard XML technique for processing attributes in
differing partitions?
</john>
>If I had to guess on a processing precedence, I would guess that the
>namespace qualified version should take precedence. Here's why:
>
>I've been sitting here trying to figure out why the default namespace does
>not apply to attributes, and the only thing that I can think of is that
>unqualified attributes can then be used to apply an attribute value across
>all namespaces. In other words, a sort of default value to be used when no
>namespace specific attribute is given. Consider the following bit of XML:
As I read it under the namesapces spec, "unqualified" attributes are
super-local, not super-global as you suggest above.
<john>
I was only trying to make a guess at why the authors of XML Names decided
that the default namespace would not apply to unqualified attributes. Despi
te all of the dancing around and text messages that have flung far and wide,
noone has given an explanation.
Clearly, there was an intent, but in the absence of any of those XML
authorities coming out and saying what the intent was, the only thing we can
do is guess.
Everything you have said so far would justify a design that applies the
element's namespace to unqualified attributes. If A is super-local, then it
does not seem to make sense to have
<N1:E A="" N1:A=" "/>
so why did the authors of XML names seemingly go out of their way to make
this construction legal? This is not narrow-mindedness. I am asking a
question of the language designers about their design. Why can they not
answer it? If they did answer it, then the answer might have a bearing on
the processing model that we *should* specify for dsig.
</john>
><E xmlns:N1="http://www.w3.org" xmlns:N2="http://www.PureEdge.com"
>A="default" N1:A="Value for App that processes N1" N2:A="Value for App that
>processes N2"/>
>
>The information in element E can be used by one application that conforms
to
>specification given at the URI for N1, or it could be processed by a second
>application that conforms to specifications given at N2, or it could be
>processed by some other generic XML processing application. If, by
>convention, namespace qualified attributes took precedence over unqualified
>attributes for processing, then the value for A would be
>application-dependent. If unqualified attributes took precedence, then A
>would always equal default.
You are assuming that E is defined in both N1 and N2? Then I think
you need to read the doucmentation of E in N1 and the documentation of
E in N2 to figure this out. XML is just plain under-specified and no
amount of thought will change its ambiguous parts into an un-ambiguous
specifiction.
<john>
Agreed, but this is such a specific concept that they seem to have gone out
of their way to talk about (e.g. per-element partitions). In this case,
it's not a matter of adding more thought. It's a matter of one of those
authorities saying why they did this so that we can choose a processing
model that doesn't violate their intent.
</john>
>Perhaps XML names will not be changed or clarified, and perhaps they will
>make no recommendation, but for a particular application, esp. a security
>conscious one such as DSig, we should be saying what we expect our
>processors to do when there are qualified and unqualified attributes with
>matching local names.
Sure, probably a good idea to add a few words to our specification to
say what should be done for such "duplicate" attributes for elements
we define.
<john>
Good. Why so much resistance if you end up agreeing that we should add a
few words to address the problem?
</john>
Received on Wednesday, 16 August 2000 14:19:48 UTC