Lists Home |
Date Index |
On Sun, 2002-03-03 at 11:23, Elliotte Rusty Harold wrote:
> Simple. Canonical XML knows nothing about XInclude. (Actually, it's
> based on XPath 1.0, which also knows nothing about XInclude.) When a
> canonicalizer is presented with a document in which some elements
> look like <xinclude:include href="someURL"/> it treats these elements
> exactly like it treats any other element. It associates no special
> semantics with them. It most definitely does *not* resolve XIncludes.
> You may, perhaps, choose to resolve the XIncludes in document A, thus
> producing a new document B. You may then canonicalize document B.
> However, what you get is *not* the canonical form of document A. It
> is the canonical form of the new document B. (These would only be
> equal in the trivially uninteresting case where document A does not
> contain any XInclude elements.)
That makes perfect sense to me.
I worry, however that it interferes with the stated mission of Canonical
Any XML document is part of a set of XML documents that are logically
equivalent within an application context, but which vary in physical
representation based on syntactic changes permitted by XML 1.0 [XML] and
Namespaces in XML [Names]. This specification describes a method for
generating a physical representation, the canonical form, of an XML
document that accounts for the permissible changes.
The crux of the issue seems to rest on whether XInclude's role as "a
generic mechanism for merging XML documents (as represented by their
information sets) for use by applications that need such a facility"
affects "logical equivalence".
By your reading of the spec (which I find reasonable), it doesn't.
By my understanding of how canonicalization is supposed to be used in
conjunction with signatures and other security measures, it seems like a
very strange hole in the fabric.
Perhaps we need to define a super-canonicalization, which describes
canonicalization after all infosets specified by a document and its
XInclude elements have been merged.
(Throw in the schema-centric canonicalization and exclusive
canonicalization, and I worry that we really need some kind of canonical
Ring around the content, a pocket full of brackets
Errors, errors, all fall down!