Subject: RE: [wss] RE: [wss-comment] Id clash case
"Paul Cotton" <pcotton@microsoft.com> wrote on 04/27/2005 10:08:19 AM:

> Manveen originally asked:
> > It is not clearly stated what should happen when a wsu:Id or another
> > form of ID do clash?
>
> Michael McIntosh stated:
> > I think WS-Security should (as it does) make it clear that the presence of
> > multiple IDs with the same value should not be allowed.
>
> WSS 1.0 currently states:
> > "Two wsu:Id attributes within an XML document MUST NOT have the same
> > value.
>
> As Manveen has pointed out, I do not think that WS-Security clearly
> handles the case where a wsu:id attribute has the same value as another
> id attribute that is NOT from the wsu namespace e.g. xml:id.
>
> Mike: Do you want to extend the WSS uniqueness constraint to cover the
> case where another id attribute (not in the wsu namespace) has the same
> value as a wsu:id attribute?

I think that is what was intended - the addition of other forms of ID came late and it looks like this case was not properly covered in the added text.

> /paulc
>
> Paul Cotton, Microsoft Canada
> 17 Eleanor Drive, Nepean, Ontario K2E 6A3
> Tel: (613) 225-5445 Fax: (425) 936-7329
> mailto:pcotton@microsoft.com
>
> > -----Original Message-----
> > From: Michael McIntosh [mailto:mikemci@us.ibm.com]
> > Sent: April 27, 2005 8:05 AM
> > To: Paul Cotton
> > Cc: Manveen Kaur; wss@lists.oasis-open.org
> > Subject: Re: [wss] RE: [wss-comment] Id clash case
> >
> > "Paul Cotton" <pcotton@microsoft.com> wrote on 04/26/2005 08:32:10 PM:
> >
> > > moving discussion to the TC email list:
> > >
> > > Another source of information on the processing of id attributes is
> > > the new W3C xml:id WD:
> > > http://www.w3.org/TR/xml-id/
> > >
> > > Note that even this specification does NOT enforce the uniqueness
> > > constraint with a MUST:
> > > "An xml:id processor should assure that the following constraints hold:
> > > * The values of all xml:id attributes and all attributes of
> > > type "ID" within a document are unique."
> > > And to make the puzzle complete even when the above constraint is
> > > upheld by the xml:id processor then the error is non-fatal:
> > > [Definition: An xml:id error is a non-fatal error that occurs when an
> > > xml:id processor finds that a document has violated the constraints
> > > of this specification.]
> > > So it appears to me that the semantics of what happens for duplicate
> > > ids is determined at the application level.
> >
> > I think WS-Security should (as it does) make it clear that the presence of
> > multiple IDs with the same value should not be allowed. One of the
> > elements with the same ID value could be signed and verified by the
> > security layer, while a second unsigned element with the same ID value
> > could be passed to the application. The application might incorrectly
> > assume that the element had been signed and verified. It is better for the
> > security layer to reject such messages.
> >
> > > /paulc
> > >
> > > Paul Cotton, Microsoft Canada
> > > 17 Eleanor Drive, Nepean, Ontario K2E 6A3
> > > Tel: (613) 225-5445 Fax: (425) 936-7329
> > > mailto:pcotton@microsoft.com
> > >
> > > > -----Original Message-----
> > > > From: Manveen Kaur [mailto:Manveen.Kaur@Sun.COM]
> > > > Sent: April 26, 2005 8:05 PM
> > > > To: wss-comment@lists.oasis-open.org
> > > > Subject: [wss-comment] Id clash case
> > > >
> > > > Hi,
> > > >
> > > > WSS specification [1] Lines 405-408 state-
> > > >
> > > > "Two wsu:Id attributes within an XML document MUST NOT have the same
> > > > value. Implementations MAY rely on XML Schema validation to provide
> > > > rudimentary enforcement for intra-document uniqueness. However,
> > > > applications SHOULD NOT rely on schema validation alone to enforce
> > > > uniqueness."
> > > >
> > > > It is not clearly stated what should happen when a wsu:Id or another
> > > > form of ID do clash?
> > > >
> > > > DOM defines behaviour as undefined and shorthand xpointer says it would
> > > > use the first element found in that Id.
> > > >
> > > > What is the implementation's expected behaviour in this case?
> > > >
> > > > Thanks,
> > > > --Manveen
> > > >
> > > > [1] http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf
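The rejection rule discussed in this thread, sketched as an added example (it is not part of the original messages or of any WS-Security implementation): before signature references are resolved, every ID value is collected across wsu:Id, xml:id and other ID forms, and the message is rejected on any duplicate. The function names, the unqualified `Id`/`ID`/`id` attribute list and the sample envelope are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

WSU_NS = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd")
XML_NS = "http://www.w3.org/XML/1998/namespace"

# wsu:Id and xml:id are the forms named in the thread. The unqualified
# Id/ID/id entries are an assumption standing in for schema-declared IDs.
ID_ATTRS = {f"{{{WSU_NS}}}Id", f"{{{XML_NS}}}id", "Id", "ID", "id"}


class DuplicateIdError(ValueError):
    """Raised when two elements carry the same ID value in any ID form."""


def find_id_clashes(xml_text):
    """Return {id_value: [(element_tag, attribute_name), ...]} for duplicates."""
    # Plain ElementTree is used for brevity; a deployment would run this
    # check on the tree produced by its own hardened XML parser.
    seen = defaultdict(list)
    for elem in ET.fromstring(xml_text).iter():
        for attr, value in elem.attrib.items():
            if attr in ID_ATTRS:
                seen[value.strip()].append((elem.tag, attr))
    return {value: uses for value, uses in seen.items() if len(uses) > 1}


def require_unique_ids(xml_text):
    """Run before signature verification; reject rather than pick a winner."""
    clashes = find_id_clashes(xml_text)
    if clashes:
        raise DuplicateIdError(f"duplicate ID values: {sorted(clashes)}")


# Constructed sample: the signed Body and an unsigned header element share "body".
CLASH = f"""<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsu="{WSU_NS}">
  <e:Header><Extra xml:id="body">unsigned copy</Extra></e:Header>
  <e:Body wsu:Id="body">signed payload</e:Body>
</e:Envelope>"""
CLEAN = CLASH.replace('xml:id="body"', 'xml:id="extra"')

if __name__ == "__main__":
    print(find_id_clashes(CLEAN))   # no clash
    print(find_id_clashes(CLASH))   # both uses of "body" reported
```

A check limited to wsu:Id attributes would accept the constructed clash, which is the gap between wsu:Id and other ID forms that the thread identifies.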