- From: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
- Date: Mon, 06 May 2002 20:14:18 +0200
- To: merlin <merlin@baltimore.ie>
- Cc: John Boyer <JBoyer@PureEdge.com>, reagle@w3.org, w3c-ietf-xmldsig@w3.org
- Message-id: <44502150.1020716058@crypto>
--On Dienstag, 19. März 2002 23:48 +0000 merlin <merlin@baltimore.ie> wrote:
> Admittedly, it allows operations such as exclude an element in
> the middle of a tree, but include its children ("H" in your example),
> but I don't think that these features are compelling. People can use
> the old XPath if they need an operation as esoteric as that.
Hi Merlin,
hi all
First, in reply to Merlin's post[2], I'm happy to confirm that the current
spec of "XML-Signature XPath Filter 2.0" [1] allows my esoteric suggestion
from [3] ;-) (I attached the sample at this mail).
Now to I have a suggestion/change request about the "XML-Signature XPath
Filter 2.0" [1]:
---
What I want: I want to be able to "merge" multiple, subsequent (directly
followinf each other) xmldsig-xfilter2 transforms into a single transform.
---
Why I want it: First, this transform is cool - it really rules. This
transform is very powerful in the ways how easily I (as a user) can express
my wishes on what I want to sign - simply in a subtree language which is
really intuitive. The real power of this transform becomes visible if I
chain multiple of these transforms into a direct sequence: I can cut,
divide, include, exclude, whatever I want. My own implementation has a very
clean interface on what is given from a previous to a following transform:
either an octet stream or an xpath node set. If I want to release the full
power of this transform, I need all intersect/subtract/union information in
my hands in a single transform. THEN I can speed up and touch every node
only once. The processing model does not change: Multiple 'steps' (whereas
e.g. a single union operation is a step) are applied in the order in which
they appear in the transform.
---
How this could look like:
<ds:Transform Algorithm="http://www.w3.org/2002/04/xmldsig-filter2"
xmlns:dsig-xpath="http://www.w3.org/2002/04/xmldsig-filter2">
<dsig-xpath:XPath Filter="intersect"> //E </dsig-xpath:XPath>
<dsig-xpath:XPath Filter="union"> //B </dsig-xpath:XPath>
<dsig-xpath:XPath Filter="subtract"> //C </dsig-xpath:XPath>
<dsig-xpath:XPath Filter="union"> //F </dsig-xpath:XPath>
<dsig-xpath:XPath Filter="subtract"> //G </dsig-xpath:XPath>
<dsig-xpath:XPath Filter="union"> //H </dsig-xpath:XPath>
</ds:Transform>
---
Note to the schema cracks: Here, I have multiple child elements put
directly into the ds:Transform. If it's more philosphically correct, insert
an intermediary element like that:
<ds:Transform Algorithm="http://www.w3.org/2002/04/xmldsig-filter2"
xmlns:dsig-xpath="http://www.w3.org/2002/04/xmldsig-filter2">
<dsig-xpath:XPathSequence>
<dsig-xpath:XPath Filter="intersect"> //E </dsig-xpath:XPath>
<dsig-xpath:XPath Filter="union"> //B </dsig-xpath:XPath>
<dsig-xpath:XPath Filter="subtract"> //C </dsig-xpath:XPath>
<dsig-xpath:XPath Filter="union"> //F </dsig-xpath:XPath>
<dsig-xpath:XPath Filter="subtract"> //G </dsig-xpath:XPath>
<dsig-xpath:XPath Filter="union"> //H </dsig-xpath:XPath>
</dsig-xpath:XPathSequence>
</ds:Transform>
Regards,
Christian
[1] http://www.w3.org/Signature/Drafts/xmldsig-xfilter2/
Revision v1.5
[2]
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2002JanMar/0237.html
[3]
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2002JanMar/att-0236/01
-xpath2filter_tree.gif
Attachments
- application/x-zip-compressed attachment: geuerp-esoteric-xmldsig-xfilter2.zip
Received on Monday, 6 May 2002 14:10:19 UTC