[xmlsec] Using different ID type atttributes for sig references efficiently

Daniel Veillard veillard at redhat.com
Fri Aug 26 03:33:55 PDT 2005

On Fri, Aug 26, 2005 at 11:08:43AM +0100, melissa collins wrote:
> I want to verify signatures that use different types of ID attributes,
> e.g. wsu:id, saml:AssertionId etc. in the signature references.
> I need to get the API to understand these as ID-type attributes
> programatically, i.e. I cannot use a DTD.

  If there is no DTD or schemas or the attribute are not named xml:id
then from an XML perspective they are not ID and expecting to have
them processed as such will be more complex, more expensive and not
portable, that should be cristal clear. What you are trying to do
is broken from an XML/DTD/Schemas/XMLSec persepective and is likely
to bite you back later when you really don't want to. 
  That said ...

> I see the xmlAddID() function, however, in order to call this function
> I need to find the node(s) with the attribute of non-standard ID-type.
> What I really need is a method that you pass the "id name" and "id
> namespace" into and that's it. Would prefer not to have to search each
> document for nodes with a certain attribute name, and then call
> xmlAddID().
> Is there a better approach to this that you could recommend ??? 

  Not really. The fact that the attribute is an ID being unknown to the
parser, then the only way to fill up the document ID table is by scanning
the document and registering the IDs.
  The only way to do this automatically from the libxml2 API that I can
think of would be to a post validation of the document with a DTD or a
schemas which defines the attributes as being ID. Just scanning the document
and registering the IDs is likely to be simpler and faster.


Daniel Veillard      | Red Hat Desktop team http://redhat.com/
veillard at redhat.com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/

More information about the xmlsec mailing list