Re: Decryption Transform processing question

r/reagle@w3.org/2002.07.17/11:29:28
>On Tuesday 16 July 2002 04:09 pm, merlin wrote:
>> I am speaking specifically of section 4.3.4; I would propose:
>>
>> * Perhaps drop item 1. If no version is specified, the
>>   default is, I believe 1.0; we've already dropped the
>>   default UTF-8 encoding. C14n doesn't produce this either.
>> * Drop item 2.
>> * Drop the DOCTYPE (and XML declaration) from the two XML fragments.
>>
>> To be honest, I would have no qualms about making these changes
>> and no other. If you feel text is necessary, then I would suggest
>> that 4.3.3 simply notes that the serialization process should not
>> emit entity references as these may not be available during
>> subsequent parsing.
>>
>> My main concern is simply that 4.3.4 cannot be implemented on DOM,
>> and we don't handle general entities anywhere else in the XML
>> security specs.
>
>I believe in parallel messages Takeshi is indicating that the changes are 
>not necessary (at least for his implementation) [1] and some text noting 
>that care should be used "when emitting entity references" [2]. However, to 
>be clear, perhaps Takeshi could reply specifically to your points and 
>propose then (depending on how they are addressed) text on the emitting 
>entity references.

I think it boils down to how the DOM spec[1] is to be
interpreted. I'm happy to leave our text as-is, if it is
reasonable to assume that all DOM implementations must provide
entity declaration information. Otherwise, our text seems like
a potentially unreasonable requirement. I don't consider this
a terribly important issue; I just happened across that part
of the DOM spec and it struck me as a potential problem.

Merlin

[1] http://www.w3.org/TR/2000/REC-DOM-Level-2-Core-20001113/core.html#ID-527DCFF2
  Note that this models the entity itself not the entity
  declaration. Entity declaration modeling has been left for
  a later Level of the DOM specification.

Received on Wednesday, 17 July 2002 12:13:17 UTC