OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] XPath Attribute Profile: XPath as an Identifier

> Other thoughts: 
> - "urn:xpath" as a prefix: Is it safe to just use xpath 
> directly (name="/pp/LegalName/CommonName") or does it need to 
> have some clarifying prefix 
> (name="urn:some_name_clarifying_that_this_is_an_xpath_name:/pp
> /LegalName/CommonName").  I suppose the problem is that XPath 
> is a uri and I'm trying to put it into a urn. 

Well, I think the problem is that XPath is (generally) a relative URI, and
you want an absolute URI. Whether it's a URN or a URL isn't the point,
there's no "base" to resolve the thing with.

I'm wondering where XPointer fits into this.

Lest I be accused of just arguing over naming before we have the use case
nailed down, I think this *is* part of the use case. We have to understand
how we would interpret the notion of an XPath as a "name" when it really
connotes a node set in a particular document, so understanding the thing
we're implicitly pointing into is really the starting point.

I know XACML has XPath bits in it, but what's the "source" document into
which the path is evaluated? Is that just specified along with the XPath?

To put it another way, is it worth instead addressing XPath requirements
more in terms of how to incorporate attributes by reference, as XACML does,
rather than as a simple translation of one thing into another inline format?
That seems somewhat more powerful, even if it does introduce the usual
question of what it means to sign an assertion that amounts to a pointer to
something that the signature doesn't cover.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]