OASIS Mailing List Archives

 



wss message



Subject: Re: [wss] RE: [wss-comment] Id clash case


"Paul Cotton" <pcotton@microsoft.com> wrote on 04/26/2005 08:32:10 PM:

> moving discussion to the TC email list:
> 
> Another source of information on the processing of id attributes is 
> the new W3C xml:id WD:
> http://www.w3.org/TR/xml-id/ 
> 
> Note that even this specification does NOT enforce the uniqueness 
> constraint with a MUST:
> "An xml:id processor should assure that the following constraints hold:
> · The values of all xml:id attributes and all attributes of 
> type "ID" within a document are unique."
> And to make the puzzle complete even when the above constraint is 
> upheld by the xml:id processor then the error is non-fatal:
> [Definition: An xml:id error is a non-fatal error that occurs when an 
> xml:id processor finds that a document has violated the constraints 
> of this specification.]
> So it appears to me that the semantics of what happens for duplicate
> ids is determined at the application level.

I think WS-Security should (as it does) make it clear that the presence of 
multiple IDs with the same value should not be allowed. One of the 
elements with the same ID value could be signed and verified by the 
security layer, while a second unsigned element with the same ID value 
could be passed to the application. The application might incorrectly 
assume that the element had been signed and verified. It is better for the 
security layer to reject such messages.

> /paulc
> 
> Paul Cotton, Microsoft Canada 
> 17 Eleanor Drive, Nepean, Ontario K2E 6A3 
> Tel: (613) 225-5445 Fax: (425) 936-7329 
> mailto:pcotton@microsoft.com
> 
> 
> 
> > -----Original Message-----
> > From: Manveen Kaur [mailto:Manveen.Kaur@Sun.COM]
> > Sent: April 26, 2005 8:05 PM
> > To: wss-comment@lists.oasis-open.org
> > Subject: [wss-comment] Id clash case
> > 
> > Hi,
> > 
> > WSS specification [1] Lines 405-408 state-
> > 
> > "Two wsu:Id attributes within an XML document MUST NOT have the same
> > value. Implementations MAY rely on XML Schema validation to provide
> > rudimentary enforcement for intra-document uniqueness. However,
> > applications SHOULD NOT rely on schema validation alone to enforce
> > uniqueness."
> > 
> > It is not clearly stated what should happen when a wsu:Id or another
> > form of ID do clash?
> > 
> > DOM defines behaviour as undefined and shorthand xpointer says it would
> > use the first element found in that Id.
> > 
> > What is the implementation's expected behaviour in this case?
> > 
> > Thanks,
> > --Manveen
> > 
> > [1] http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf
> 
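One way a security layer could enforce the rejection argued for in this thread, shown as an added example that is not part of the original messages or of any WSS implementation. The set of attributes treated as IDs (wsu:Id, xml:id and an unqualified Id) and the sample documents are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

WSU_NS = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd")
XML_NS = "http://www.w3.org/XML/1998/namespace"

# Assumption: these attributes are the ones a reference could resolve against.
ID_ATTRS = (f"{{{WSU_NS}}}Id", f"{{{XML_NS}}}id", "Id")


def find_duplicate_ids(xml_text):
    """Return {id_value: [element tags]} for each ID value carried by more
    than one element, in document order."""
    seen = defaultdict(list)
    for elem in ET.fromstring(xml_text).iter():
        # A set, so one element carrying wsu:Id and Id with the same value
        # is counted once and does not clash with itself.
        values = {elem.get(attr) for attr in ID_ATTRS} - {None}
        for value in values:
            seen[value].append(elem.tag)
    return {value: tags for value, tags in seen.items() if len(tags) > 1}


def accept_message(xml_text):
    """Gate to run before any signature reference is resolved: a message
    with clashing IDs is rejected rather than resolved to 'the first match'."""
    return not find_duplicate_ids(xml_text)


# Constructed sample documents (not taken from the thread).
CLASHING = f"""<Envelope xmlns:wsu="{WSU_NS}">
  <Header><Payment wsu:Id="id-1">first copy</Payment></Header>
  <Body><Payment xml:id="id-1">second copy</Payment></Body>
</Envelope>"""
UNIQUE = CLASHING.replace('xml:id="id-1"', 'xml:id="id-2"')

if __name__ == "__main__":
    for name, doc in (("clashing", CLASHING), ("unique", UNIQUE)):
        verdict = "accept" if accept_message(doc) else "reject"
        print(name, verdict, find_duplicate_ids(doc))
```

The check deliberately spans different ID attribute kinds, since a clash between a wsu:Id and an xml:id is as ambiguous to a resolver as two wsu:Id attributes.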

