Subject: proposed changes for issue 334
To resolve issue 334, I recommend that the following changes be made in version 1.1 of the core.

current lines 363-376 (of version 1.0 at

There are many motivations for referencing other message elements such as signature references or correlating signatures to security tokens. For this reason, this specification defines the wsu:Id attribute so that recipients need not understand the full schema of the message for processing of the security elements. That is, they need only "know" that the wsu:Id attribute represents a schema type of ID which is used to reference elements. However, because some key schemas used by this specification don't allow attribute extensibility (namely XML Signature and XML Encryption), this specification also allows use of their local ID attributes in addition to the wsu:Id attribute. As a consequence, when trying to locate an element referenced in a signature, the following attributes are considered:
• Local ID attributes on XML Signature elements
• Local ID attributes on XML Encryption elements
• Global wsu:Id attributes (described below) on elements

In addition, when signing a part of an envelope such as the body, it is RECOMMENDED that an ID reference is used instead of a more general transformation, especially XPath [XPATH]. This is to simplify processing.

proposed changes (changes occur in lines marked with !, added line marked with +)

There are many motivations for referencing other message elements such as signature references or correlating signatures to security tokens. For this reason, this specification defines the wsu:Id attribute so that recipients need not understand the full schema of the message for processing of the security elements. That is, they need only "know" that the wsu:Id attribute represents a schema type of ID which is used to reference elements. However, because some key schemas used by this specification don't allow attribute ! extensibility (namely XML Signature, !
XML Encryption, and SAML Assertions), this specification also allows use of their local ID attributes in addition to the wsu:Id attribute. As a consequence, when trying to locate an element referenced in a signature, the following attributes are considered: • Local ID attributes on XML Signature elements • Local ID attributes on XML Encryption elements + • Local ID attributes on SAML Assertions • Global wsu:Id attributes (described below) on elements In addition, when signing a part of an envelope such as the body, it is RECOMMENDED that an ID reference is used instead of a more general transformation, especially XPath [XPATH]. This is to simplify processing
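
Review bot: the added bullet "Local ID attributes on SAML Assertions" gives recipients a fourth place to look when dereferencing a signature reference, but the paragraph still has no rule for the case where the same value appears under two of the listed attributes on different elements. Suggest a sentence after the list requiring that a referenced ID value match exactly one element across all the listed attribute kinds, with the message rejected otherwise, so that the signed element and the processed element cannot diverge. The new bullet should also name the attribute it means, as the wsu:Id bullet does, since "Local ID attributes" leaves that to the reader.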
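
The reference lookup described in the quoted specification text, with the proposed SAML bullet included, as an added example (not code from the message or the specification). It assumes SAML 1.x assertions, whose identifier attribute is AssertionID, and it rejects an ID value carried by more than one element, a check the quoted text does not itself state; the envelope is constructed sample input.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"  # assumption: SAML 1.x
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")

def id_values(elem):
    """Yield the ID values an element exposes under the listed attributes."""
    ns = elem.tag[1:].split("}")[0] if elem.tag.startswith("{") else ""
    # Local Id attribute counts only on XML Signature / XML Encryption elements.
    if ns in (DS, XENC) and "Id" in elem.attrib:
        yield elem.attrib["Id"]
    # Local ID attribute on a SAML assertion (AssertionID in SAML 1.x).
    if elem.tag == f"{{{SAML}}}Assertion" and "AssertionID" in elem.attrib:
        yield elem.attrib["AssertionID"]
    # Global wsu:Id counts on any element.
    wsu_id = elem.get(f"{{{WSU}}}Id")
    if wsu_id is not None:
        yield wsu_id

def resolve_reference(root, uri):
    """Return the single element that a same-document reference names."""
    if not uri.startswith("#") or len(uri) == 1:
        raise ValueError("only same-document ID references are handled")
    wanted = uri[1:]
    hits = [e for e in root.iter() if wanted in id_values(e)]
    if len(hits) != 1:  # added check: missing or ambiguous IDs are refused
        raise LookupError(f"{len(hits)} elements carry ID {wanted!r}")
    return hits[0]

# Constructed sample envelope; element contents are omitted.
SAMPLE = f"""<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:wsu="{WSU}" xmlns:ds="{DS}" xmlns:saml="{SAML}">
 <e:Header>
  <saml:Assertion AssertionID="assert-1"/>
  <ds:Signature Id="sig-1"/>
  <x Id="sig-1" wsu:Id="dup-1"/>
 </e:Header>
 <e:Body wsu:Id="body-1"><ds:KeyInfo Id="dup-1"/></e:Body>
</e:Envelope>"""
ROOT = ET.fromstring(SAMPLE)

if __name__ == "__main__":
    for ref in ("#assert-1", "#sig-1", "#body-1"):
        print(ref, "->", resolve_reference(ROOT, ref).tag)
```

The bare `Id="sig-1"` on the unqualified `x` element is ignored because that element belongs to neither XML Signature nor XML Encryption, while `#dup-1` is refused because it matches both a wsu:Id and a local Id.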