[xmlsec] Usage of reference URI and "Id"
aleksey at aleksey.com
Wed Jun 19 10:50:29 PDT 2002
After few coffein drinks I found a solution, implemented and checked it
into CVS. You can grab changes directly from Gnome CVS or wait till nightly
tar-ball. Now you have two possible ways to get the functionality you need:
1) ("clear" way) Load document *and* DTD for it (ID attributes names are
specified in the DTD so in order to process the IDs correctly you have
to use DTD). After this everything should work "as-is".
2) ("durty" way) If you have no DTD then you can register your ID
attribute name using xmlSecAddIdAttributeName(const xmlChar *id)
function from xmlsec/xmltree.h file:
The downsides are:
- the list is shared by all threads
- small performance penalty (xmlsec will check for all Ids in
in your case this will be "Id" and "id")
- may produce incorrect results in some cases (if you have "id"
ID attribute and "Id" as something else)
Aleksey Sanin wrote:
> Hi, Sascha!
> XML 1.0 does define the ID attribute type but not the name of the
> XML Digital Signature uses "Id" and I incorrectly assumed that everyone
> else is also using "Id" :) However, it may not be the case and you can
> any name "id", "ID", "this_is_my_id", etc. This is defenetly a bug in
> and I will fix it (but righnt now I am not sure, how can I do it :) ).
> Will you mind to file a bug about this in bugzilla
> please? It'll be a good reminder for me :)
> Sascha Breite wrote:
>> Dear Aleksey,
>> I am using your xmlsec library on a WIN32 system. Step by step I get a
>> better understandig of how it works. But I have a simple question:
>> I try to verify a XML document with an internal reference
>> URI="#12345". But
>> the document node is identified by
>> <MyNode id="12345">...</MyNode>...<Reference URI="#12345"/>...
>> and not by
>> <MyNode Id="12345">...</MyNode>...<Reference URI="#12345"/>...
>> The difference is in "id" and "Id" (upper case 'i').
>> will fail, because "id" wouldn't match with "Id". In the xmlsec
>> sources I
>> changed "Id" to "id" and now it is working fine.
>> But is this the right way? Or is there a "bug" inside the signed
>> which uses "id"? Or should xmlSecDSigValidate() accept "id", "Id" and
>> not?) "ID"? I am not sure about what W3C's "XML-Signature Syntax and
>> Processing" is saying about this...
>> Thanks for your answer!
>> Kindly regards,
>> Sascha Breite
> xmlsec mailing list
> xmlsec at aleksey.com
More information about the xmlsec