guid
Security
Release Notes
attachGoldenThread
cast
copy
cutGoldenThread
cwu
delete
dpml
dump
entrypoint
exists
expire
fls
guid
hotRestart
HTTPCookie
HTTPRedirect
isUnix
locationToXPath
lock/unlock
log
loglevel
luceneIndex
luceneSearch
mapper
mapper-export
md5
mls
netkernel:*
new
Orchextra
org.ten60.util.aspell
org.ten60.util.image.SVG2PNG
org.ten60.util.image.Text2PNG
org.ten60.util.image.xchart
plainTextToXHTML
regex
relativizeURI
requestWithArgs
resolveURI
serialize
sleep
sqlBatch
sqlBooleanQuery
SQLEncodeElement
SQLEscapeXML
sqlQuery
sqlUpdate
stm
stopWatch
StringToCanonicalString
throw
toRelaxNG
trace
validateDTD
validateRNG
validateSchematron
validateXSD
xacml
xform
XHREFlinker
XHTMLredirect
XHTMLTidy
xinclude
xmltidy
xpatheval
xpur
xquery
xrl
xsign
xslfo-fop
xslfo-fop
xslt
xverify
License
Change History
NetKernel History
Acknowledgements
URA Reference

guid

Used to generate a Globally Unique Identifier

Definition

Format

<instr>
  <type>guid</type>
  <operand>foo.xml</operand>
  <target>this:response</target>
</instr>

Syntax

ElementRulesDescription
typeMandatory guid
operandOptional optional an optional seed document
operatorOptional n/a
paramOptional n/a
targetOptional Fragment OKrequired the target resource

The guid accessor generates a pseudo-unique guid. The result is a document with a root element <guid> containing the identifier. Here is an example:

<guid>799E740CDD625D1E178328737EDFD493</guid>

Note: The guid accessor generates the guid based upon a set of pseudo-random inputs, including an optional seed operand document. It has not been certified to generate a guaranteed globally unique ID. However for applications that require convenient session tokens and which provide unique seed documents the generated guids will be locally unique.

If your application requires truely globally unique ID's we recommend you customize the guid accessor.

Security

The guid accessor like all security technologies should be treated with care. If the following precautions are observed the guid accessor provides a convenient trustworthy security tool.

Concurrency

The dexter kernel allows concurrent execution of xml applications. In this first version of the kernel there is no application isolation. Therefore the potential exists for a malicious xml application to attempt to view the variables and data of another application.

It is perfectly possible to create xml security applications on the dexter kernel, just ensure that they are executed in isolation in a known clean instance of the kernel runtime. Any application that is performing security critical operations should be deployed in a clean application space (the xapp/ directory) which only contains trusted xml applications. The kernel should also be configured to limit concurrency with appropriate configuration of transports and system.xml properties.

The default demonstraion xapp/ xml application space is not trustworthy for a secure application. Create a clean space of your own and configure the kernel to use your application space by setting <xappPath> in the system.xml configuration document.

Future versions of the dexter kernel will support full access control and provide complete application isolation.

Example

Create a session token

This crude example shows how the guid accessor can be used to generate a session token from the param submitted to the idoc. We don't recommend sending the result to the response, it is more usual to take the guid generated and place in a cookie or other session state mechanism!

<instr>
  <type>guid</type>
  <operand>param: </operand>
  <target>this:response</target>
</instr>

References

md5 URA

(C) 2003, 1060 Research Limited
© 2003,2004, 1060® Research Limited
1060 registered trademark, NetKernel trademark of 1060 Research Limited