ISSUE-58: Clarify c14n11 handling of xml: namespace declarations

xml-namespace-handling

Clarify c14n11 handling of xml: namespace declarations

State:
CLOSED
Product:
Errata-C14N
Raised by:
Frederick Hirsch
Opened on:
2008-10-02
Description:
From: hoylen <hoylen@hoylen.com>
> Date: 1 October 2008 05:04:23 BST
> To: tlr@w3.org
> Subject: XML Canonicalization and "xml:" XML namespace declarations
>
> Thomas,
>
> I couldn't figure out from the XML Security Working Group's public
> Web page
> how the public can contact the WG (or if the WG even wants such
> input). So
> I'm sending this email to you. If there is an appropriate place to
> raise
> this issue, then please do so; otherwise, you may ignore it.
>
>
> In its maintenance of the XML Canonicalization and Exclusive XML
> Canonicalization specifications, could the Working Group please
> explicitly
> clarify how declarations of the "xml:" XML namespace are to be
> handled?
> That is, occurrences of xmlns:xml="http://www.w3.org/XML/1998/namespace
> ".
>
> The unique behaviour of the XML namespace makes the interpretation
> of the
> canonicalization rules ambiguous. The unique behaviour comes from
> section
> 3 of Namespaces in XML 1.0 (Second Edition) [1] where it says: "It
> may, but
> need not, be declared, and must not be bound to any other namespace
> name."
>
>
>
> Consider a source XML document, which we will call S0:
> S0: <a><b><c xml:id="C"/></b></a>
>
> If we wanted the canonicalized form of the document subset /a/b,
> there are
> four possible forms:
>
> C0: <b><c xml:id="C"></c></b>
> C1: <b><c xmlns:xml="http://www.w3.org/XML/1998/namespace"
> xml:id="C"></c></b>
> C2: <b xmlns:xml="http://www.w3.org/XML/1998/namespace"><c
> xml:id="C"></c></b>
> C3: <b xmlns:xml="http://www.w3.org/XML/1998/namespace"><c
> xmlns:xml="http://www.w3.org/XML/1998/namespace" xml:id="C"></c></b>
>
> Canonical XML Version 1.1 implies (through an example) that the
> canonical
> form of S0 is C0. However, I have seen an implementation use C1 as
> the
> canonical form -- I think this is incorrect, but cannot point to
> anything
> in the specification that says it is wrong.
>
>
>
> Consider another source XML document, which we will call S4:
> S4: <a xmlns:xml="http://www.w3.org/XML/1998/namespace"><b><c
> xml:id="C"/></b></a>
>
> The Canonical XML Version 1.1 Recommendation could mean that the
> canonical
> form of a/b from S4 is C2. It could also be interpreted as C0. It is
> ambiguous how the statement that "it may, but not need, be declared"
> is to
> be interpreted in the context of canonicalization.
>
>
>
> Consider another source XML document, which we will call S1:
> S1: <a><b><c xmlns:xml="http://www.w3.org/XML/1998/namespace"
> xml:id="C"/></b></a>
>
> Is the canonical form of /a/b form of S1 represented by C0, C1, C2
> or C3?
>
>
>
>
> The Canonical XML specification needs to be explicitly clear which
> is the
> canonical form when declarations of the XML namespace is involved.
>
> I suggest that a normative rule be explicitly stated that: xmlns:xml
> declarations must NOT appear anywhere in the canonical XML. So C0 is
> always the canonical form for all the examples mentioned in this
> email.
>
> This should also apply to Exclusive XML Canonicalization too.
>
> Thanks.
>
> Hoylen
>
>
> P.S. The above example documents were drawn from a set of 8 possible
> combinations. Some of these other documents are useful when
> considering the
> rules for the behaviour of Exclusive XML Canonicalization.
>
> <!ENTITY X "xmlns:xml='http://www.w3.org/XML/1998/namespace'">
>
> S0: <a ><b ><c xml:id="C"/></b></a>
> S1: <a ><b ><c &X; xml:id="C"/></b></a>
> S2: <a ><b &X;><c xml:id="C"/></b></a>
> S3: <a ><b &X;><c &X; xml:id="C"/></b></a>
> S4: <a &X;><b ><c xml:id="C"/></b></a>
> S5: <a &X;><b ><c &X; xml:id="C"/></b></a>
> S6: <a &X;><b &X;><c xml:id="C"/></b></a>
> S7: <a &X;><b &X;><c &X; xml:id="C"/></b></a>
>
>
> [1] <http://www.w3.org/TR/2006/REC-xml-names-20060816/>
> --
> hoylen@hoylen.com -- Hoylen Sue
>
Related Actions Items:
Related emails:
  1. 10 March Draft Minutes (from RDMILLER@mitre.org on 2009-03-10)
  2. Agenda: Distributed meeting 2009-03-10 v2 (from Frederick.Hirsch@nokia.com on 2009-03-09)
  3. RE: Agenda: Distributed meeting 2009-03-10 (from Frederick.Hirsch@nokia.com on 2009-03-07)
  4. Re: Agenda: Distributed meeting 2009-03-10 (from pratik.datta@oracle.com on 2009-03-06)
  5. Agenda: Distributed meeting 2009-03-10 (from Frederick.Hirsch@nokia.com on 2009-03-06)
  6. ISSUE-58 should be closed (from Konrad.Lanz@iaik.tugraz.at on 2009-02-24)
  7. Re: Agenda: Distributed meeting 2008-10-07 v3 (from Sean.Mullan@Sun.COM on 2008-10-07)
  8. Agenda: Distributed meeting 2008-10-07 v3 (from frederick.hirsch@nokia.com on 2008-10-06)
  9. Agenda: Distributed meeting 2008-10-07 v2 (from frederick.hirsch@nokia.com on 2008-10-02)
  10. ISSUE-58 (xml-namespace-handling): Handling of xml: namespace declarations [Errata-C14N] (from sysbot+tracker@w3.org on 2008-10-02)

Related notes:

Close http://www.w3.org/2008/xmlsec/track/issues/58 with reference to
http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0038.html and
http://lists.w3.org/Archives/Public/public-xmlsec/2008Oct/0040.html .

see http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0115.html

Frederick Hirsch, 3 Mar 2009, 01:24:22

Display change log ATOM feed


Chair, Staff Contact
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 58.html,v 1.1 2017/01/10 16:24:53 carine Exp $