
Subject: RE: [wss] RE: [wss-comment] Id clash case


Manveen originally asked:
> It is not clearly stated what should happen when a wsu:Id or another 
> form of ID do clash?

Michael McIntosh stated:
> I think WS-Security should (as it does) make it clear that the presence of
> multiple IDs with the same value should not be allowed.

WSS 1.0 currently states:
> "Two wsu:Id attributes within an XML document MUST NOT have the same
> value."

As Manveen has pointed out, I do not think that WS-Security clearly
handles the case where a wsu:id attribute has the same value as another
id attribute that is NOT from the wsu namespace e.g. xml:id. 

Mike: Do you want to extend the WSS uniqueness constraint to cover the
case where another id attribute (not in the wsu namespace) has the same
value as a wsu:id attribute? 

/paulc
  
Paul Cotton, Microsoft Canada 
17 Eleanor Drive, Nepean, Ontario K2E 6A3 
Tel: (613) 225-5445 Fax: (425) 936-7329 
mailto:pcotton@microsoft.com

  

> -----Original Message-----
> From: Michael McIntosh [mailto:mikemci@us.ibm.com]
> Sent: April 27, 2005 8:05 AM
> To: Paul Cotton
> Cc: Manveen Kaur; wss@lists.oasis-open.org
> Subject: Re: [wss] RE: [wss-comment] Id clash case
> 
> "Paul Cotton" <pcotton@microsoft.com> wrote on 04/26/2005 08:32:10 PM:
> 
> > ... moving discussion to the TC email list:
> >
> > Another source of information on the processing of id attributes is
> > the new W3C xml:id WD:
> > http://www.w3.org/TR/xml-id/
> >
> > Note that even this specification does NOT enforce the uniqueness
> > constraint with a MUST:
> > "An xml:id processor should assure that the following constraints hold:
> > *         The values of all xml:id attributes and all attributes of
> > type "ID" within a document are unique."
> > And to make the puzzle complete even when the above constraint is
> > upheld by the xml:id processor then the error is non-fatal:
> > [Definition: An xml:id error is a non-fatal error that occurs when an
> > xml:id processor finds that a document has violated the constraints
> > of this specification.]
> > So it appears to me that the semantics of what happens for duplicate
> > ids is determined at the application level.
> 
> I think WS-Security should (as it does) make it clear that the presence of
> multiple IDs with the same value should not be allowed. One of the
> elements with the same ID value could be signed and verified by the
> security layer, while a second unsigned element with the same ID value
> could be passed to the application. The application might incorrectly
> assume that the element had been signed and verified. It is better for the
> security layer to reject such messages.
> 
> > /paulc
> >
> > Paul Cotton, Microsoft Canada
> > 17 Eleanor Drive, Nepean, Ontario K2E 6A3
> > Tel: (613) 225-5445 Fax: (425) 936-7329
> > mailto:pcotton@microsoft.com
> >
> >
> >
> > > -----Original Message-----
> > > From: Manveen Kaur [mailto:Manveen.Kaur@Sun.COM]
> > > Sent: April 26, 2005 8:05 PM
> > > To: wss-comment@lists.oasis-open.org
> > > Subject: [wss-comment] Id clash case
> > >
> > > Hi,
> > >
> > > WSS specification [1] Lines 405-408 state-
> > >
> > > "Two wsu:Id attributes within an XML document MUST NOT have the same
> > > value. Implementations MAY rely on XML Schema validation to provide
> > > rudimentary enforcement for intra-document uniqueness. However,
> > > applications SHOULD NOT rely on schema validation alone to enforce
> > > uniqueness."
> > >
> > > It is not clearly stated what should happen when a wsu:Id or another
> > > form of ID do clash?
> > >
> > > DOM defines behaviour as undefined and shorthand xpointer says it would
> > > use the first element found in that Id.
> > >
> > > What is the implementation's expected behaviour in this case?
> > >
> > > Thanks,
> > > --Manveen
> > >
> > > [1] http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf
> >
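
An added illustration of the check discussed in this thread (not part of any poster's message and not text or code from the WSS specification): a pass run before signature verification that treats wsu:Id, xml:id and, as an assumption of this example, unqualified Id/ID/id attributes as one ID space, and rejects a message in which any value maps to more than one element. The function names and sample envelopes are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
XML = "http://www.w3.org/XML/1998/namespace"
# ID-bearing attributes checked as a single ID space. The unqualified names are
# an assumption of this example; a schema-aware processor would instead use
# every attribute the schema types as ID.
ID_ATTRS = ("{%s}Id" % WSU, "{%s}id" % XML, "Id", "ID", "id")


class DuplicateIdError(ValueError):
    """Raised when one ID value resolves to more than one element."""


def index_ids(root):
    """Map each ID value to the elements carrying it, across all ID forms."""
    index = defaultdict(list)
    for el in root.iter():
        # A set, so one element carrying the same value in two forms counts once.
        for value in {el.get(a) for a in ID_ATTRS} - {None}:
            index[value].append(el)
    return index


def resolve_ids(xml_text):
    """Return {id: element}; reject the message if any value is ambiguous."""
    index = index_ids(ET.fromstring(xml_text))
    clashes = sorted(v for v, els in index.items() if len(els) > 1)
    if clashes:
        raise DuplicateIdError("ambiguous ID value(s): " + ", ".join(clashes))
    return {v: els[0] for v, els in index.items()}


def envelope(header_xml):
    """Constructed SOAP 1.1 sample whose Body carries wsu:Id="body-1"."""
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
            'xmlns:wsu="' + WSU + '"><s:Header>' + header_xml + '</s:Header>'
            '<s:Body wsu:Id="body-1"><pay amount="10"/></s:Body></s:Envelope>')


# Constructed sample messages (not from the thread).
CLEAN = envelope('<note xml:id="note-1"/>')
# An xml:id that reuses the value of the Body's wsu:Id: the cross-namespace clash.
CLASH = envelope('<extra xml:id="body-1"><pay amount="9999"/></extra>')
```

Signature references and the application should both dereference IDs through the mapping returned by `resolve_ids`, so that the element that was verified is the element that is consumed.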

