[xmlsec] Re: Detached Signatures (same-document)

Daniel Veillard daniel at veillard.com
Mon Oct 11 05:56:27 PDT 2004


On Sun, Oct 10, 2004 at 09:52:03PM -0700, Larry Bugbee wrote:
> I did.  ...but it didn't seem right and hence my note.  I'm just trying 
> to understand if indeed something needs fixing rather than a DTD 
> workaround.

  In the absence of a DTD, there is no type to attributes, period
it's the XML Recommendation. We are working on getting xml:id out
with will provide a solution and is implemented in libxml2 already.
  http://www.w3.org/TR/xml-id/
  Norman Walsh from Sun is currently trying to push xml:id forward
this is the only sane solution.

I don't know how xmlsec spec deals with locations within a document,
but if you want to use an ID which will work with XPath id() you
MUST use a DTD or a schemas to provide the type information (or 
xml:id but this may not be portable yes). I am positive about it,
with my W3C XML Core working group member hat firmly on, the fact
that other toolkits may screw around the spec is not an argument 
worth pointing out, sorry, in the long term they and their users
will pay a massive maintainance costs due to the deviation, there
is zero chance I will enter that silly game. If you invested in 
a non-standard technology without checking, well you got locked in
and have to pay the price. Never ever use tools without checking they
work correctly, it's true in any industry. You may have generated
tons of non-conforming documents as a result, check your liability
status with the provider of said software.

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel at veillard.com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | 



More information about the xmlsec mailing list