[xmlsec] Usage of reference URI and "Id"

Aleksey Sanin aleksey at aleksey.com
Wed Jun 19 10:50:29 PDT 2002

Hi, Sascha!

After few coffein drinks I found a solution, implemented and checked it
into CVS. You can grab changes directly from Gnome CVS or wait till nightly
tar-ball. Now you have two possible ways to get the functionality you need:
    1) ("clear" way) Load document *and* DTD for it (ID attributes names are
    specified in the DTD so in order to process the IDs correctly you have
    to use DTD). After this everything should work "as-is".
    2) ("durty" way) If you have no DTD then you can  register your ID
    attribute name using xmlSecAddIdAttributeName(const xmlChar *id)
    function from xmlsec/xmltree.h file:
    The downsides are:
        - the list is shared by all threads
        - small performance penalty (xmlsec will check for all Ids in 
the list,
        in your case this will be "Id" and "id")
        - may produce incorrect results in some cases (if you have "id" 
as unique
        ID attribute and "Id" as something else)


Aleksey Sanin wrote:

> Hi, Sascha!
> XML 1.0 does define the ID attribute type but not the name of the 
> attribute.
> XML Digital Signature uses "Id" and I incorrectly assumed that everyone
> else is also using "Id" :) However, it may not be the case and you can 
> use
> any name "id", "ID", "this_is_my_id", etc. This is defenetly a bug in 
> xmlsec
> and I will fix it (but righnt now I am not sure, how can I do it :) ).
> Will you mind to file a bug about this in bugzilla 
> http://bugzilla.gnome.org/buglist.cgi?product=xmlsec
> please? It'll be a good reminder for me :)
> Thanks,
> Aleksey
> Sascha Breite wrote:
>> Dear Aleksey,
>> I am using your xmlsec library on a WIN32 system. Step by step I get a
>> better understandig of how it works. But I have a simple question:
>> I try to verify a XML document with an internal reference 
>> URI="#12345". But
>> the document node is identified by
>>     <MyNode id="12345">...</MyNode>...<Reference URI="#12345"/>...
>> and not by
>>     <MyNode Id="12345">...</MyNode>...<Reference URI="#12345"/>...
>> The difference is in "id" and "Id" (upper case 'i'). 
>> xmlSecDSigValidate()
>> will fail, because "id" wouldn't match with "Id". In the xmlsec 
>> sources I
>> changed "Id" to "id" and now it is working fine.
>> But is this the right way? Or is there a "bug" inside the signed 
>> document,
>> which uses "id"? Or should xmlSecDSigValidate() accept "id", "Id" and 
>> (why
>> not?) "ID"? I am not sure about what W3C's "XML-Signature Syntax and
>> Processing" is saying about this...
>> Thanks for your answer!
>> Kindly regards,
>> Sascha Breite
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list