The case of "id" attribute when signing an element in a XML file
Is the case of the "id" attribute important, when creating a reference to an element for digital signing following xml-dsig standard?
I've seen attributes named "ID", "Id" and "id" and some software packages have trouble finding the correct element/node for different forms.
Also following various specs and schemas, there are different id attributes expected.
For sure the a开发者_开发问答ttribute must be named "id", but is the case specified or are there only recommendations?
The essential problem is two-fold. First, as you know, XML is case-sensitive.
Second, XML does not "define" the name of an ID attribute. Unlike HTML which says elements may have an 'id' attribute, XML by itself does not. There is the concept of an xs:ID
type, but the name of the attribute (e.g., ID
, Id
, id
, or myIdentifier
) is not provided by default.
For reference see W3C How should the problem of identifying ID semantics ... be addressed...?.
So, some parsing software assumes id
, some assume any of id
, ID
, Id
, some assume none.
More specifically, I typically see the usage of ID
in SAML signing. The commonly used command xmlsec1
does not identify a name to use, so you have to. For example:
xmlsec1 --decrypt --privkey-pem /foo/key.pem --id-attr:ID EncryptedKey my.xml
tells xmlsec1 to declare the named ID
attribute, on EncryptedKey
nodes (only) to be a known xs:ID attribute. It appears to additive: you can do mulitiple:
xmlsec1 --decrypt ... --id-attr:Id EncryptedKey --id-attr:ID EncryptedKey --id-attr:id EncryptedKey
will use any on EncryptedKey nodes.
(You can declare foobar
to be an xs:ID attribute, and it will work just fine, so if your source XML has something like:
<node foobar="1234"/>
<otherNode URI="#1234"/>
use:
xmlsec1 --id-attr:foobar node ...
(Note: You must know that I am not an xml-dsig expert, so I am only answering as far as XML, DTD and XML Schema are concerned.)
XML is case sensitive, so the case is important and must be the same as in the DTD or Schema which you are using.
Of course if applications use different schemas with different cases, there is a compatibility issue.
I looked at the official W3C specification at http://www.w3.org/TR/xmldsig-core/ and the Schema and DTD seem to specify "Id". Is this the specification you are using?
Also, it might be confusing to know that the corresponding DTD type is "ID" and that there is an XQuery function called "id".
精彩评论