[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss] RE: [wss-comment] Id clash case
Manveen originally asked: > It is not clearly stated what should happen when a wsu:Id or another > form of ID do clash? Michael McIntosh stated: > I think WS-Security should (as it does) make it clear that the presence of > multiple IDs with the same value should not be allowed. WSS 1.0 currently states: > "Two wsu:Id attributes within an XML document MUST NOT have the same > value. As Manveen has pointed out, I do not think that WS-Security clearly handles the case where a wsu:id attribute has the same value as another id attribute that is NOT from the wsu namespace e.g. xml:id. Mike: Do you want to extend the WSS uniqueness constraint to cover the case where another id attribute (not in the wsu namespace) has the same value as a wsu:id attribute? /paulc Paul Cotton, Microsoft Canada 17 Eleanor Drive, Nepean, Ontario K2E 6A3 Tel: (613) 225-5445 Fax: (425) 936-7329 mailto:pcotton@microsoft.com > -----Original Message----- > From: Michael McIntosh [mailto:mikemci@us.ibm.com] > Sent: April 27, 2005 8:05 AM > To: Paul Cotton > Cc: Manveen Kaur; wss@lists.oasis-open.org > Subject: Re: [wss] RE: [wss-comment] Id clash case > > "Paul Cotton" <pcotton@microsoft.com> wrote on 04/26/2005 08:32:10 PM: > > > ? moving discussion to the TC email list: > > > > Another source of information on the processing of id attributes is > > the new W3C xml:id WD: > > http://www.w3.org/TR/xml-id/ > > > > Note that even this specification does NOT enforce the uniqueness > > constraint with a MUST: > > ?An xml:id processor should assure that the following constraints hold: > > * The values of all xml:id attributes and all attributes of > > type ?ID? within a document are unique.? > > And to make the puzzle complete even when the above constraint is > > upheld by the xml:id processor then the error is non-fatal: > > [Definition: An xml:id error is a non-fatal error that occurs when an > > xml:id processor finds that a document has violated the constraints > > of this specification.] > > So it appears to me that the semantics of what happens for duplicate > > ids is determined at the application level. > > I think WS-Security should (as it does) make it clear that the presence of > multiple IDs with the same value should not be allowed. One of the > elements with the same ID value could be signed and verified by the > security layer, while a second unsigned element with the same ID value > could be passed to the application. The application might incorrectly > assume that the element had been signed and verified. It is better for the > security layer to reject such messages. > > > /paulc > > > > Paul Cotton, Microsoft Canada > > 17 Eleanor Drive, Nepean, Ontario K2E 6A3 > > Tel: (613) 225-5445 Fax: (425) 936-7329 > > mailto:pcotton@microsoft.com > > > > > > > > > -----Original Message----- > > > From: Manveen Kaur [mailto:Manveen.Kaur@Sun.COM] > > > Sent: April 26, 2005 8:05 PM > > > To: wss-comment@lists.oasis-open.org > > > Subject: [wss-comment] Id clash case > > > > > > Hi, > > > > > > WSS specification [1] Lines 405-408 state- > > > > > > "Two wsu:Id attributes within an XML document MUST NOT have the same > > > value. Implementations MAY rely on XML Schema validation to provide > > > rudimentary enforcement for intra-document uniqueness. However, > > > applications SHOULD NOT rely on schema validation alone to enforce > > > uniqueness." > > > > > > It is not clearly stated what should happen when a wsu:Id or another > > > form of ID do clash? > > > > > > DOM defines behaviour as undefined and shorthand xpointer says it > would > > > use the first element found in that Id. > > > > > > What is the implementation's expected behaviour in this case? > > > > > > Thanks, > > > --Manveen > > > > > > [1] > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message- > > > security-1.0.pdf > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: wss-comment-unsubscribe@lists.oasis-open.org > > > For additional commands, e-mail: wss-comment-help@lists.oasis-open.org > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]