santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chad La Joie <laj...@itumi.biz>
Subject Re: XML Security Java 1.5.0-RC1 available
Date Tue, 20 Dec 2011 16:46:52 GMT
I think, by "checks that each (local) Reference URI in a Signature is
in the document tree and is unique" and "It would not check for
duplicate Ids in other namespaces" what you're saying is the
following, is this correct?

Prior to any processing people would need to register the QName of
attributes they consider to be ID attributes.  You'd then walk the
tree once and ensure that for those attributes there is no duplication
(and presumably create a ID->element mapping for use later during ID
resolution).  Those attributes which are not registered are ignore and
may include a duplicate ID value and if apps pick that up and make
some assumption about, it's their own issue to deal with.

On Tue, Dec 20, 2011 at 11:36, Colm O hEigeartaigh <coheigea@apache.org> wrote:
> What we could do is add some functionality that checks that each
> (local) Reference URI in a Signature is in the document tree and is
> unique. The retrieved element could be set on IdResolver. This way,
> the tree is only walked once, instead of each time IdResolver is
> called when resolving a reference, as is the case for 1.4.x. This
> behaviour could be controlled by a property, possibly defaulting to
> true.
> It would not check for duplicate Ids in other namespaces (e.g.
> wsu:Id), or support retrieving elements in these namespaces - it would
> be up to the calling code to support this.
>
> Would this address your concerns?

-- 
Chad La Joie
www.itumi.biz
trusted identities, delivered

Mime
View raw message