ISSUE-58: Clarify c14n11 handling of xml: namespace declarations
xml-namespace-handling
Clarify c14n11 handling of xml: namespace declarations
- State:
- CLOSED
- Product:
- Errata-C14N
- Raised by:
- Frederick Hirsch
- Opened on:
- 2008-10-02
- Description:
- From: hoylen <hoylen@hoylen.com>
> Date: 1 October 2008 05:04:23 BST
> To: tlr@w3.org
> Subject: XML Canonicalization and "xml:" XML namespace declarations
>
> Thomas,
>
> I couldn't figure out from the XML Security Working Group's public
> Web page
> how the public can contact the WG (or if the WG even wants such
> input). So
> I'm sending this email to you. If there is an appropriate place to
> raise
> this issue, then please do so; otherwise, you may ignore it.
>
>
> In its maintenance of the XML Canonicalization and Exclusive XML
> Canonicalization specifications, could the Working Group please
> explicitly
> clarify how declarations of the "xml:" XML namespace are to be
> handled?
> That is, occurrences of xmlns:xml="http://www.w3.org/XML/1998/namespace
> ".
>
> The unique behaviour of the XML namespace makes the interpretation
> of the
> canonicalization rules ambiguous. The unique behaviour comes from
> section
> 3 of Namespaces in XML 1.0 (Second Edition) [1] where it says: "It
> may, but
> need not, be declared, and must not be bound to any other namespace
> name."
>
>
>
> Consider a source XML document, which we will call S0:
> S0: <a><b><c xml:id="C"/></b></a>
>
> If we wanted the canonicalized form of the document subset /a/b,
> there are
> four possible forms:
>
> C0: <b><c xml:id="C"></c></b>
> C1: <b><c xmlns:xml="http://www.w3.org/XML/1998/namespace"
> xml:id="C"></c></b>
> C2: <b xmlns:xml="http://www.w3.org/XML/1998/namespace"><c
> xml:id="C"></c></b>
> C3: <b xmlns:xml="http://www.w3.org/XML/1998/namespace"><c
> xmlns:xml="http://www.w3.org/XML/1998/namespace" xml:id="C"></c></b>
>
> Canonical XML Version 1.1 implies (through an example) that the
> canonical
> form of S0 is C0. However, I have seen an implementation use C1 as
> the
> canonical form -- I think this is incorrect, but cannot point to
> anything
> in the specification that says it is wrong.
>
>
>
> Consider another source XML document, which we will call S4:
> S4: <a xmlns:xml="http://www.w3.org/XML/1998/namespace"><b><c
> xml:id="C"/></b></a>
>
> The Canonical XML Version 1.1 Recommendation could mean that the
> canonical
> form of a/b from S4 is C2. It could also be interpreted as C0. It is
> ambiguous how the statement that "it may, but not need, be declared"
> is to
> be interpreted in the context of canonicalization.
>
>
>
> Consider another source XML document, which we will call S1:
> S1: <a><b><c xmlns:xml="http://www.w3.org/XML/1998/namespace"
> xml:id="C"/></b></a>
>
> Is the canonical form of /a/b form of S1 represented by C0, C1, C2
> or C3?
>
>
>
>
> The Canonical XML specification needs to be explicitly clear which
> is the
> canonical form when declarations of the XML namespace is involved.
>
> I suggest that a normative rule be explicitly stated that: xmlns:xml
> declarations must NOT appear anywhere in the canonical XML. So C0 is
> always the canonical form for all the examples mentioned in this
> email.
>
> This should also apply to Exclusive XML Canonicalization too.
>
> Thanks.
>
> Hoylen
>
>
> P.S. The above example documents were drawn from a set of 8 possible
> combinations. Some of these other documents are useful when
> considering the
> rules for the behaviour of Exclusive XML Canonicalization.
>
> <!ENTITY X "xmlns:xml='http://www.w3.org/XML/1998/namespace'">
>
> S0: <a ><b ><c xml:id="C"/></b></a>
> S1: <a ><b ><c &X; xml:id="C"/></b></a>
> S2: <a ><b &X;><c xml:id="C"/></b></a>
> S3: <a ><b &X;><c &X; xml:id="C"/></b></a>
> S4: <a &X;><b ><c xml:id="C"/></b></a>
> S5: <a &X;><b ><c &X; xml:id="C"/></b></a>
> S6: <a &X;><b &X;><c xml:id="C"/></b></a>
> S7: <a &X;><b &X;><c &X; xml:id="C"/></b></a>
>
>
> [1] <http://www.w3.org/TR/2006/REC-xml-names-20060816/>
> --
> hoylen@hoylen.com -- Hoylen Sue
> - Related Actions Items:
ACTION-81 on Konrad Lanz to Provide draft answer to hoylen, http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0003.html - due 2008-10-14, closed- Related emails:
- 10 March Draft Minutes (from RDMILLER@mitre.org on 2009-03-10)
- Agenda: Distributed meeting 2009-03-10 v2 (from Frederick.Hirsch@nokia.com on 2009-03-09)
- RE: Agenda: Distributed meeting 2009-03-10 (from Frederick.Hirsch@nokia.com on 2009-03-07)
- Re: Agenda: Distributed meeting 2009-03-10 (from pratik.datta@oracle.com on 2009-03-06)
- Agenda: Distributed meeting 2009-03-10 (from Frederick.Hirsch@nokia.com on 2009-03-06)
- ISSUE-58 should be closed (from Konrad.Lanz@iaik.tugraz.at on 2009-02-24)
- Re: Agenda: Distributed meeting 2008-10-07 v3 (from Sean.Mullan@Sun.COM on 2008-10-07)
- Agenda: Distributed meeting 2008-10-07 v3 (from frederick.hirsch@nokia.com on 2008-10-06)
- Agenda: Distributed meeting 2008-10-07 v2 (from frederick.hirsch@nokia.com on 2008-10-02)
- ISSUE-58 (xml-namespace-handling): Handling of xml: namespace declarations [Errata-C14N] (from sysbot+tracker@w3.org on 2008-10-02)
Related notes:
Close http://www.w3.org/2008/xmlsec/track/issues/58 with reference to
http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0038.html and
http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0040.html .
see http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0115.html
Display change log