[xmlsec] Usage of reference URI and "Id"
Aleksey Sanin
aleksey@aleksey.com
Wed, 19 Jun 2002 10:50:29 -0700
Hi, Sascha!
After few coffein drinks I found a solution, implemented and checked it
into CVS. You can grab changes directly from Gnome CVS or wait till nightly
tar-ball. Now you have two possible ways to get the functionality you need:
1) ("clear" way) Load document *and* DTD for it (ID attributes names are
specified in the DTD so in order to process the IDs correctly you have
to use DTD). After this everything should work "as-is".
2) ("durty" way) If you have no DTD then you can register your ID
attribute name using xmlSecAddIdAttributeName(const xmlChar *id)
function from xmlsec/xmltree.h file:
xmlSecAddIdAttributeName("id");
The downsides are:
- the list is shared by all threads
- small performance penalty (xmlsec will check for all Ids in
the list,
in your case this will be "Id" and "id")
- may produce incorrect results in some cases (if you have "id"
as unique
ID attribute and "Id" as something else)
Aleksey
Aleksey Sanin wrote:
> Hi, Sascha!
>
> XML 1.0 does define the ID attribute type but not the name of the
> attribute.
> XML Digital Signature uses "Id" and I incorrectly assumed that everyone
> else is also using "Id" :) However, it may not be the case and you can
> use
> any name "id", "ID", "this_is_my_id", etc. This is defenetly a bug in
> xmlsec
> and I will fix it (but righnt now I am not sure, how can I do it :) ).
> Will you mind to file a bug about this in bugzilla
> http://bugzilla.gnome.org/buglist.cgi?product=xmlsec
> please? It'll be a good reminder for me :)
>
>
> Thanks,
> Aleksey
>
>
>
>
> Sascha Breite wrote:
>
>> Dear Aleksey,
>>
>> I am using your xmlsec library on a WIN32 system. Step by step I get a
>> better understandig of how it works. But I have a simple question:
>>
>> I try to verify a XML document with an internal reference
>> URI="#12345". But
>> the document node is identified by
>>
>> <MyNode id="12345">...</MyNode>...<Reference URI="#12345"/>...
>>
>> and not by
>>
>> <MyNode Id="12345">...</MyNode>...<Reference URI="#12345"/>...
>>
>> The difference is in "id" and "Id" (upper case 'i').
>> xmlSecDSigValidate()
>> will fail, because "id" wouldn't match with "Id". In the xmlsec
>> sources I
>> changed "Id" to "id" and now it is working fine.
>>
>> But is this the right way? Or is there a "bug" inside the signed
>> document,
>> which uses "id"? Or should xmlSecDSigValidate() accept "id", "Id" and
>> (why
>> not?) "ID"? I am not sure about what W3C's "XML-Signature Syntax and
>> Processing" is saying about this...
>>
>> Thanks for your answer!
>>
>> Kindly regards,
>>
>> Sascha Breite
>>
>>
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec@aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec