- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Fri, 4 May 2007 14:11:05 -0400
- To: www-xml-canonicalization-comments@w3.org
- Cc: Hirsch Frederick <frederick.hirsch@nokia.com>, Roessler Thomas <tlr@w3.org>
The XML Security Specifications Maintenance WG has reviewed C14N11 [1] and has the following comments and proposed changes.

(1) Change the first sentence in the Abstract from

"Canonical XML 1.1 is a revision to Canonical XML 1.0 to address issues raised while producing the xml:id specification."

to

"Canonical XML 1.1 is a revision to Canonical XML 1.0 to address issues related to inheritance of attributes in the XML namespace when canonicalizing document subsets, including the requirement not to inherit xml:id, and to treat xml:base URI path processing properly."

This should clarify the reasons for the C14N11 revision rather than the process used to reach the changes.

(2) Change the abstract and also the introduction to clarify the relationship to XML 1.0 and XML 1.1.

It is not clear in the C14N11 specification [1] that it is only applicable to XML 1.0 and not XML 1.1 since it is not explicitly stated. There is also possible confusion about XPath versions.

Recommendation: Add the following statement to the text in both the abstract and the introduction to make this explicit:

"C14N11 is applicable to XML 1.0 and defined in terms of the XPath 1.0 data model. It is not defined for XML 1.1."

(3) Add hyperlinks to the reference to RFC 3986 ([URI]) from the references to RFC 3986 in the fifth paragraph and bullets in Section 2.4 [2]

(4) In section 2.4, Document Subsets, for clarity use the same notation for X and E values, e.g. state in next to last paragraph in document subset section [2]:

"In that case let Xm ... X1 be the values of the xml:base attributes on En...E1 (in order from outermost to innermost). The sequence of values is reduced to a single value by first combining Xm with Xm-1, then the result with Xm-2, and so on"

instead of

"In that case let X1 ... Xm be the values of the xml:base attributes on En...E1 (in order from outermost to innermost). The sequence of values is reduced to a single value by first combining X1 with X2, then the result with X3, and so on"

(5) Add the following as a new paragraph at the end of section 2.4, Document Subsets:

"Attributes in the XML namespace other than xml:base, xml:id, xml:lang, and xml:space MUST be processed as ordinary attributes."

This provides guidance regarding expectations regarding possible new attributes in the XML namespace. In conjunction with this (but not for this document) when new attributes are defined in the xml namespace, security considerations and canonicalization considerations should be outlined.

(6) Add another example to section 3 showing handling of xml:id and xml:base for document subset, e.g.:

---
3.8 Document Subsets and XML attributes

Input

    <!DOCTYPE doc [
    <!ATTLIST e2 xml:space (default|preserve) 'preserve'>
    <!ATTLIST e3 id ID #IMPLIED>
    ]>
    <doc xmlns="http://www.ietf.org" xmlns:w3c="http://www.w3.org" xml:base="http://www.example.com/something/else">
       <e1>
          <e2 xmlns="" xml:id="abc" xml:base="../bar/">
             <e3 id="E3" xml:base="foo"/>
          </e2>
       </e1>
    </doc>

Document Subset Expression (same as 3.7)

    <!-- Evaluate with declaration xmlns:ietf="http://www.ietf.org" -->

    (//. | //@* | //namespace::*)
    [
       self::ietf:e1 or (parent::ietf:e1 and not(self::text() or self::e2))
       or
       count(id("E3")|ancestor-or-self::node()) = count(ancestor-or-self::node())
    ]

Canonical Form

    <e1 xmlns="http://www.ietf.org" xmlns:w3c="http://www.w3.org"><e3 xmlns="" id="E3" xml:base="http://www.example.com/bar/foo" xml:space="preserve"></e3> </e1>

Demonstrates:

    xml:id not inherited.
    simple inheritable XML attribute inherited (xml:space)
    xml:base fixup performed
---

The rationale is that there is no example for xml:id and xml:base handling in this section.

Thank you

regards, Frederick

Frederick Hirsch, Nokia
Chair, XML Security Specifications Maintenance WG

[1] <http://www.w3.org/TR/xml-c14n11/>
[2] <http://www.w3.org/TR/xml-c14n11/#DocSubsets>
Received on Friday, 4 May 2007 18:11:15 UTC
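Added example, not part of the original message and not the specification's own join algorithm: a Python sketch of the three behaviours listed under "Demonstrates" in the proposed 3.8 example, folding xml:base values outermost to innermost with plain RFC 3986 resolution (`urljoin`). The function names are hypothetical, every ancestor is assumed to contribute, and the sample is a constructed variant of the message's input with xml:space written on e2 so the sketch does not depend on DTD attribute defaulting.

```python
import xml.etree.ElementTree as ET
from functools import reduce
from urllib.parse import urljoin

XML_NS = "{http://www.w3.org/XML/1998/namespace}"
INHERITED = ("lang", "space")  # simple inheritable attributes; xml:id is not one

# Constructed variant of the 3.8 input (xml:space explicit instead of DTD default).
SAMPLE = """<doc xmlns="http://www.ietf.org" xmlns:w3c="http://www.w3.org"
     xml:base="http://www.example.com/something/else">
  <e1>
    <e2 xmlns="" xml:id="abc" xml:base="../bar/" xml:space="preserve">
      <e3 id="E3" xml:base="foo"/>
    </e2>
  </e1>
</doc>"""

def ancestor_chain(root, target):
    """Return [outermost ancestor, ..., target]."""
    parents = {child: parent for parent in root.iter() for child in parent}
    chain = [target]
    while chain[-1] in parents:
        chain.append(parents[chain[-1]])
    return chain[::-1]

def xml_attrs_for_orphan(root, target):
    """XML-namespace attributes to emit on target when its ancestors are omitted."""
    chain = ancestor_chain(root, target)
    # Own xml:* attributes are kept as ordinary attributes; xml:id can only
    # come from here, never from an ancestor.
    result = {k[len(XML_NS):]: v for k, v in target.attrib.items()
              if k.startswith(XML_NS)}
    # xml:lang / xml:space: nearest value on the ancestor-or-self axis wins.
    for name in INHERITED:
        for el in reversed(chain):
            if XML_NS + name in el.attrib:
                result[name] = el.attrib[XML_NS + name]
                break
    # xml:base fixup: combine the values from outermost to innermost.
    bases = [el.attrib[XML_NS + "base"] for el in chain
             if XML_NS + "base" in el.attrib]
    if bases:
        result["base"] = reduce(urljoin, bases)
    return result

def demo(tag="e3"):
    root = ET.fromstring(SAMPLE)
    return xml_attrs_for_orphan(root, root.find(".//" + tag))

if __name__ == "__main__":
    print(demo())
```

For e3 this yields the xml:base and xml:space values shown in the message's canonical form, and no xml:id.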