

Subject: Re: [ubl-security] UBL-XAdES-Profile 1.0-20100501 - Draft 05


The function here() is defined in http://www.w3.org/TR/xmldsig-core/#function-here in 6.6.3 XPath Filtering where you find:

The XPath transform establishes the following evaluation context for each node of the input node-set:
	• A context node equal to a node of the input node-set.
	• A context position, initialized to 1.
	• A context size, initialized to 1.
	• A library of functions equal to the function set defined in [XPath] plus a function named here.
	• A set of variable bindings. No means for initializing these is defined. Thus, the set of variable bindings used when evaluating the XPath expression is empty, and use of a variable reference in the XPath expression results in an error.
	• The set of namespace declarations in scope for the XPath expression.
As a result of the context node setting, the XPath expressions appearing in this transform will be quite similar to those used in [XSLT], except that the size and position are always 1 to reflect the fact that the transform is automatically visiting every node (in XSLT, one recursively calls the command apply-templates to visit the nodes of the input tree).

then you can find:

A more elegant solution uses the here function to omit only the Signature containing the XPath Transform, thus allowing enveloped signatures to sign other signatures. In the example above, use the XPath element:

   <XPath xmlns:dsig="&dsig;">
   count(ancestor-or-self::dsig:Signature |
   here()/ancestor::dsig:Signature[1]) >
   count(ancestor-or-self::dsig:Signature)</XPath>


The XPath we proposed is derived from the standard one, and I accept that a different XPath can be defined for some reasons, but this can raise some interoperability problems, and whoever implements a different XPath has to take the risk that the recipient could refuse the signature if the verifier is not able to ascertain that the XPath used is a "good" one.

Andrea


On 11 May 2010, at 12:15, G. Ken Holman wrote:

> Just a quick note when reading this post ... perhaps this is covered off in some digital signature specification.  I get a bit concerned when I read:
> 
> At 2010-05-11 11:40 +0200, Oriol Bausà Peris wrote:
>> <XPath xmlns:odsig="urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0">
>> 
>>       count(ancestor-or-self::odsig:document-signatures |
>> 
>>       here()/ancestor::odsig:document-signatures[1]) >
>> 
>>       count(ancestor-or-self::odsig:document-signatures)
>> 
>> </XPath>
> 
> ... because there is no "here()" function in XPath.  I cannot implement the above expression with a pure XPath processor.
> 
> The "here()" function cannot be an extension defined by any specification, because extension functions cannot be un-prefixed.
> 
> So I believe something must be changed in the expression ... regardless if the expression is mandatory or recommended.
> 
> I hope this helps.
> 
> . . . . . . . . . . . Ken
> 
> 
> --
> XSLT/XQuery training:   after http://XMLPrague.cz 2011-03-28/04-01
> Vote for your XML training:   http://www.CraneSoftwrights.com/o/i/
> Crane Softwrights Ltd.          http://www.CraneSoftwrights.com/o/
> G. Ken Holman                 mailto:gkholman@CraneSoftwrights.com
> Male Cancer Awareness Nov'07  http://www.CraneSoftwrights.com/o/bc
> Legal business disclaimers:  http://www.CraneSoftwrights.com/legal
> 
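The filter quoted above from XMLDSig section 6.6.3, evaluated by hand in Python as an added example (not part of the original messages or of the specification). It assumes a constructed document with two enveloped signatures and models element nodes only; text and attribute nodes get the same result as their parent element.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
SIG, XPATH = f"{{{DSIG}}}Signature", f"{{{DSIG}}}XPath"

# Constructed sample: two enveloped signatures; only "second" carries the
# XPath transform whose filter is being evaluated.
DOC = f"""<Invoice xmlns:dsig="{DSIG}">
  <ID>42</ID>
  <dsig:Signature Id="first"><dsig:SignatureValue>AAAA</dsig:SignatureValue></dsig:Signature>
  <dsig:Signature Id="second"><dsig:SignedInfo><dsig:Reference URI="">
    <dsig:Transforms><dsig:Transform><dsig:XPath>(filter text)</dsig:XPath>
    </dsig:Transform></dsig:Transforms></dsig:Reference></dsig:SignedInfo>
  </dsig:Signature>
</Invoice>"""

def signatures_above(node, parent, or_self):
    """dsig:Signature elements on ancestor:: (or ancestor-or-self::), nearest first."""
    found = []
    cur = node if or_self else parent.get(node)
    while cur is not None:
        if cur.tag == SIG:
            found.append(cur)
        cur = parent.get(cur)
    return found

def kept_elements(xml_text):
    """Labels of the elements for which the filter expression is true."""
    root = ET.fromstring(xml_text)
    parent = {child: p for p in root.iter() for child in p}
    # here(): the element that directly bears the XPath expression
    here = next(e for e in root.iter() if e.tag == XPATH)
    # here()/ancestor::dsig:Signature[1]: nearest enclosing Signature
    own = signatures_above(here, parent, or_self=False)[:1]
    kept = []
    for node in root.iter():  # each node is its own context; position = size = 1
        axis = signatures_above(node, parent, or_self=True)
        union = {id(e) for e in axis} | {id(e) for e in own}
        if len(union) > len(axis):  # count(a | b) > count(a)
            name = node.tag.rsplit("}", 1)[-1]
            kept.append(f"{name}#{node.get('Id')}" if node.get("Id") else name)
    return kept

if __name__ == "__main__":
    print(kept_elements(DOC))
```

Only the Signature that contains the transform, and everything inside it, drops out of the signed node-set; the other signature stays covered.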


