<trackbot> Date: 16 September 2008
<scribe> Scribe: Juan Carlos Cruellas
<fjh> XSL membership list, w3c member only ,
<scribe> Agenda:
fjh: kindly asks to write also at the chat after speaking.
2) Joint discussion with XSL WG members regarding XPath
fjh: focus of this meeting: how
to select nodes from a nodeset to increase performance
... we want to figure out what we may do as a minimum as a
profile of XPath for XML sign
MSM: do you intend to use XPath for selecting what nodes to sign/encrypt?
<MoZ> XPointer is your friend
fjh: yes, it is for selecting a
subset of what is referenced by an URI.
... we talked of XPointer but we thought that it was not
pratik: Select a subset of XPath worth for streaming....but not exclude useful use cases
fjh: namespaces prefixes and XPath, it is not clear if it is an issue.
MichaelKay: in the basic data model in 1.0 allows each node its own namespaces, and there is not much to be done in XPath 2 to deal with namespaces
<tlr> sharon: no formal profiles
fjh: what kind of profiles for XPath 2.0....
? There are not official profiles, but some profiles made by some groups.
scribe: in XPath, each node has its inscope namespace declartaion.
The impact is not at the XPath level.
?: If you use tools that are aware of ns undeclaration you may end up...
...with a node that in one subtree has ns but does not have it in another one.
<klanz2> I sense the real problem with namespace undeclarations, lies in the namespace fix-up performed in c14n and that the absence of a namespace declaration actually should reflect that it has been removed
scribe: you should be clear whether ns undeclaration has to be taken into account
Pratik: we need to be able to
select multiple subtrees, but also some exclusions ....
... we have a list of subtrees, and a list of exclusion
subtrees and the result would be what is signed...
Pratik: I would not say that we
have the requirement of signing a single attribute or a single
element ....
... not requirement for very complex subsets.
Mike_Kay: XPath does not select
subtrees, but nodes...
... one common missperception of XPath is precisely the
selection of subtrees...
Mike_Kay: you could make a query for selecting subtrees but then you are into another territory (not in the node selection one).
<fjh> Mike_Kay: can select nodes and then select nodes to exclude then perform operation to combine
klanz2: XPath is not defined for
XML 1.1 and also the absence of ns undeclaration...
... the real problem deals with the way that xmldsig perceives
the node set, as something that is transformed, not only
? XPath defines a data model. ....and it would be possible to define a mapping from XML 1.1 to that data model.
Henry: there was an doc published
for making XML 1.1 mapping to XPath 1.0
... although there was never a second document.
<klanz2> Eventually, what we would need is namespace undeclarations in XML 1.0, sort of so that it would be defined for XPath 1.0 ...
Henry_Zongaro: specify mapping of XML 1.1 and XML 1.1 namespaces to Xpath 1.0.
klanz2: the future of XML 1.1 is
uncertain.. in addition the output of a XPath selection allows
you to throw out the namespaces nodes....
... this might be interpreted as a namespace may be thrown from
the node set...
Mike_Kay: would an errata be worth to be produced for bringing the ns undeclaration in 1.0?
as I understand it ns 1.1 only affect xml 1.1
scribe: at the moment, the right behaviour is to account that at present there are two sets ....
Hal: three separate concerns:
1. we use xpath for two things: transforms that may modify (select, fi)...
separately we have canonicalization that is also impacted by xpath
scribe: in the selection, we would like to make undeclaration ns to work properly.
<klanz2> @hal: not to forget qname in content problems ... ,-)
scribe: and in canonicalization,
we also deal with inclusive and exclusive canonicalization...
in this last one, ns undeclaration could be a tool for dealing
with these undesired ns
... the third concern is that we have some performances
measures that say that if we keep the ns in the nodes, the time
is double....
... I would not mix them up...
Pratik: a bit more on requirements. The main one is to sign a part of a document...
Pratik: if we go step back and
realize that we want to sign a subtree and make some
exclusions, it might be no so complicated...
... but if have a xpath followed by a canonicalization it is
difficult to deal with it without having ns nodes in
fjh: three questions. Perhaps
XPath is not the right tool for what we are trying to do?
... Frederick, could you please add the other two
Streaming and profiling are the other questions.
?: Profiling: we are undertaking this work.
Mike_Kau: streaming. several
attempts of implementing parts of XPath in streaming...
... but this required pretty sophisticated
fi. identity constraints in XML schema...
which is a small part of XPath.
....problem: finding the balance between functionality on one
side and usability on the other....
... another attempt in xml schema 1.1 for doing
for those, please?
....problem: think that in xslt we will end up with some
profile related to parts that might be streamed.
... concerned if each WG has its own view on trade-off between
efficiency and usability: ....
....problem: if each group specifies its own subset, it would
not be in the benefit of users community
fjh: is xpath the right alternative for what we are looking for?
?: Michael mentioned that it seems from what yo said that you need a transformation technology more than a selection technology
thomas: there are two specs related to XPath: the XPath rec and the XPath filter rec...
Mohamed: you do not want to
select nodes, you want to select subtrees...
... and in these last ones, you want to exclude some
... and this is not managed by Xpath...
... if the use case is simple, it is doable, but if you want to
do something more complicated (information on the selection
nodes, fi) then streaming would be complicated...
?: Only xsl wg will meet in Prague.
Sharon: after that meeting in Prague, it could be possible to join by telco with the xmlsec wg.
klanz2: what is your view regarding serialization when ns have been removed?
what shall be the implication in the serialization of an absence of a ns in a nodeset?
fjh: thank you very much to xsl wg for joining this call.
<klanz2> thank you very much
Pratik: analyze the two subsets that they mentioned (two streaming subsets)
fjh: we should look at those subsets...
Subu joins. Not able to join before because the call was full.
subu: followed the notes on the irc.
fjh: konrad, what did you get on ns...
kl: know that you can remove ns
from the nodes, and the semantics of a ns not being in a node
set is completely undefined
... and xml canon still has teh problem of what to do with
these ns nodes...
tlr: a. we need figure out what subset we need , we need to look undeclaration scenario ...
to understand what we need and where things are broken now
scribe: looking examples of undeclaration and check what happens now...
kl: we did deal with streaming...
Hal: streaming and performance are not exactly the same...
fjh: we need the two links to that stuff.
3) Liaisons and Coordination
<fjh> TPAC EXI 2-2:30 Monday 20 October
XML Core: some more discussion on namespaces prefix undeclaration...
fjh: scheduling a joint meeting with xproc
23 september.
RESOLUTION: minutes of 9 Sept 2008 were approved
Draft updated
fjh: concerns from Scott...
... are you planning to implement the changes in the new
... another change thomas to update the status of the
Draft publication plan: brad implements the changes, publish it and we approve at the next call the draft
scribe: is that agreeable?
... propose to make a Resolution at the next call, assuming
that the changes are OK.
fjh: there are some req on web services and security....hal?
<fjh> hal noted concern over edge cases, which could cause differing validation results
fjh: thread of discussions...
do we need clarification for decrypt? and other questions...
?: main issue there is not a rule mentioning the encoding of X509 cert apart from bse64...
scribe: I assume that it might be something missing in the spec that could be added....
scantor: clarity is crucial...
<klanz2> is RECOMMENDED to be DER encoded?
scantor: if the spec wants to be open and allow different things, readers must be clearly informed in the spec.
jwray: decoding should not be a problem...
scantor: looking for guidance in the spec...
fjh: maybe as konrad mentioned this could be more a best practice?
sorry: I have quite a lot of delay...
kl: a recommendation would be worth...
kl: but we should not rule out anything else...
hal: there are also elements that are not certs,....
konrad: similar strategy for canonicalization...when you generate signatures, we recommend somethihng...
fjh: ...and we also not e that when verifying use libraries that deal with them...
tlr: what is the gain of having this done?
tlr: from what I have heard there is not an interoperability issue here?.
fjh: it seems that there are other groups that need some help after reading the spec.
tlr: then maybe is an issue of best practices...
scantor: scanned for syntactical issues that should be fixed.
conclusion: scot had what he required, but some more material could be added in the best practices (cryptobinary vs base64, fi).
scantor: keep the issue open....
kl: two items from previous discussion: there is a serialization nodeset defined in xpath.
kl: xsl wg mentioned that serialization algorithm in XPath could be useful for us.
No discussion
fjh: please take a look to the list of open actions...
