- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Thu, 02 Aug 2001 10:57:20 -0400
- To: IETF/W3C XML-DSig WG <w3c-ietf-xmldsig@w3.org>
At 09:09 8/2/2001, Joseph M. Reagle Jr. wrote: >At 20:44 8/1/2001, Dournaee, Blake wrote: >>This would allow me to change the URI without altering the validity of the >>signature. > >If it's being used in the Canonical XML context, remove the '//@*' from: > (//. | //@* | //namespace::*) As an aside what I suggest doesn't actually work in the Python implementation and I welcome any thoughts. In the Python implementation even the Xpath subset is still a DOM set: there's no namespace axis property and it considers ns declarations as attributes. A consequence of this is is that our implementation is non-compliant when it comes to canonicalizing certain xpath expressions over namespaces and attributes. The typical expression is all elements, attributes, and namespaces '(//. | //@* | //namespace::*) If we tweaked our code to try to address the problem of not rendering attributes and namespaces when not in the subset we still have problems because of the DOM nodes from the subset. If we omit attributes: '(//. | //namespace::*) we lose attributes *and* namespaces. If we omit namespaces '(//. | //@*) nothing happens. The XPath subsets from implementations I've looked at behave like DOM (as described in the two examples above) instead of XPath, and I don't think we can get much help from DOM 1 or 2: >http://www.w3.org/TR/DOM-Level-2-Core/core.html#Namespaces-Considerations >As far as the DOM is concerned, special attributes used for >declaring XML namespaces are still exposed and can be manipulated just >like any other attribute. However, nodes are permanently bound to >namespace URIs as they get created. I'm not sure if there are any XPath implementations that actually return an XPath subset with namespaces in a namespace axis, not as attributes. Is that what other folks are using? -- Joseph Reagle Jr. http://www.w3.org/People/Reagle/ W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature W3C XML Encryption Chair http://www.w3.org/Encryption/2001/
Received on Thursday, 2 August 2001 10:57:21 UTC