Return-Path: X-Original-To: apmail-santuario-dev-archive@www.apache.org Delivered-To: apmail-santuario-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D73F87BD9 for ; Wed, 21 Dec 2011 12:16:21 +0000 (UTC) Received: (qmail 30170 invoked by uid 500); 21 Dec 2011 12:16:21 -0000 Delivered-To: apmail-santuario-dev-archive@santuario.apache.org Received: (qmail 30044 invoked by uid 500); 21 Dec 2011 12:16:21 -0000 Mailing-List: contact dev-help@santuario.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@santuario.apache.org Delivered-To: mailing list dev@santuario.apache.org Received: (qmail 30037 invoked by uid 99); 21 Dec 2011 12:16:21 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 21 Dec 2011 12:16:21 +0000 X-ASF-Spam-Status: No, hits=0.7 required=5.0 tests=SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [209.85.210.182] (HELO mail-iy0-f182.google.com) (209.85.210.182) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 21 Dec 2011 12:16:15 +0000 Received: by iadj38 with SMTP id j38so11674111iad.27 for ; Wed, 21 Dec 2011 04:15:54 -0800 (PST) Received: by 10.42.135.69 with SMTP id o5mr7380255ict.34.1324469754350; Wed, 21 Dec 2011 04:15:54 -0800 (PST) Received: from Chads-Mac-Pro.local (c-68-62-100-239.hsd1.mi.comcast.net. [68.62.100.239]) by mx.google.com with ESMTPS id g34sm16449683ibk.10.2011.12.21.04.14.10 (version=SSLv3 cipher=OTHER); Wed, 21 Dec 2011 04:15:49 -0800 (PST) Message-ID: <4EF1CD91.4010209@itumi.biz> Date: Wed, 21 Dec 2011 07:14:09 -0500 From: Chad La Joie Organization: Itumi, LLC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:8.0) Gecko/20111105 Thunderbird/8.0 MIME-Version: 1.0 To: dev@santuario.apache.org Subject: Id Resolution Observations and Suggestions X-Enigmail-Version: 1.3.4 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit So, last night I spent some time digging in to the new code and discussing with some things with Scott. Here's where we ended up. The IdResolver is not designed in a manner that would allow alternative implementations to be used. Though, given that it is only used by the ResourceResolver implementations, those could be replaced by the user of the library The new code does use the Document.getElementById method to look up IDs in the general case. This may be overridden by explicitly placing ID-to-Element mappings into the IdResolver, but since doing this is neither documented nor shown in the examples it is fairly safe to assume this isn't happening out in the wild. Given the above, this code does not guard against any issues that may arise from duplicate IDs. In the case of signatures, there seems to be nothing that a library can do in order to ensure that the "right thing" is covered by the signature since the "right thing" is use-case specific. In the case of encryption, there is no way for the application to know whether the dereferenced encrypted encryption key is what the document author actually intended. If it's not, however, the worst that would happen is that encrypted data would not decrypt. Given this, I believe the following things should be done: - The use of Document.getElementById and the potential issue caused by the lack of a strong guarantee on ID uniqueness should be documented. - The documentation for XMLSignature and all the examples should be updated to make it clear that the user of the library needs to check that what they thought was covered by the signature actually was. - Attempting to update the examples in this way will make it clear that better APIs need to be provided to expose the content indicated by s. In addition, given the manner in which the IdResolver currently works, I believe it could be done away with entirely. The IdResolver.registerElementById method could simply be replaced by the appropriate Element.setIdAttribute* method. Doing so would remove a potentially large in-memory data structure as well as various synchronization points that currently prevent concurrent ID resolutions. -- Chad La Joie www.itumi.biz trusted identities, delivered