[xmlsec] Re: Detached Signatures (same-document)

Aleksey Sanin aleksey at aleksey.com
Sun Oct 10 22:00:10 PDT 2004


XML spec does not say that ID attribute should have name "Id".
It can be anything (for example, I can have ID attribute with
name like "ThisIsMyID"). The only way to identify the ID
attribute is to mark it as such in DTD, XML Schema, or directly
in application.

BTW, you might want to subscribe to xmlsec mailing list if you
want to continue this discussion.

Best,
Aleksey


Larry Bugbee wrote:
> I did.  ...but it didn't seem right and hence my note.  I'm just trying 
> to understand if indeed something needs fixing rather than a DTD 
> workaround.
> 
> I didn't expect this issue to have a clean answer hence 
> 'point/counterpoint'.  One could even argue the W3C specification is 
> incorrect.  I'm inclined to think not, but who knows?
> 
> I believe an implementation of the W3C recommendation should not require 
> the user to add a DTD simply to do same-document detached signatures.  I 
> haven't tested java or apache yet, but if what Andrew says is true, the 
> DTD should not be necessary.  A number of other programmers were 
> expecting that to be the case given the postings I read.
> 
> What am I missing?
> 
> My thanks,
> 
> Larry
> 
> 



More information about the xmlsec mailing list