NEW ISSUE: Framework/primer - correct text related to xml:id and canonicalization, update references from Frederick Hirsch on 2008-09-05 (public-ws-policy@w3.org from September 2008)

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Fri, 5 Sep 2008 11:48:14 -0400
To: public-ws-policy@w3.org
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>
Message-Id: <1AB38AB8-A3A9-4C47-A317-D1F132810F4B@nokia.com>
I have recorded two new issues in Bugzilla against the Framework and  
Primer Recommendations - proposed errata.
In both cases this includes correction of a note related to C14N11,  
addition of a reference for XML Signature (Second Edition),  
correction of the C14N11 reference and removal of [SecSpecMaintWG]  
reference.


http://www.w3.org/Bugs/Public/show_bug.cgi?id=6029

            Summary: Note on using xml:id should reference Canonical  
XML 1.1
                     and XML Signature, Second Edition
            Product: WS-Policy
            Version: PR
           Platform: Macintosh
                URL: http://www.w3.org/TR/2007/REC-ws-policy-
                     20070904/#Policy_Identification
         OS/Version: MacOS X
             Status: NEW
           Severity: normal
           Priority: P1
          Component: Framework
         AssignedTo: fsasaki@w3.org
         ReportedBy: frederick.hirsch@nokia.com
          QAContact: public-ws-policy-qa@w3.org


Title - Note on using xml:id should reference Canonical XML 1.1 and XML
Signature, Second Edition

Description/Justification

Currently section 4.2, Policy Identification contains a note that use of
Canonical XML 1.0 with xml:id is not appropriate. This is correct.

It has an additional Note that Canonical XML 1.1 is intended to  
address this
and that the XML Security Specifications Maintenance WG has been  
chartered to
investigate. This is no longer accurate since Canonical XML 11 has been
released as a Recommendation as has XML Signature (Second Edition).

Target - framework

Proposal

Create Proposed Errata against Framework document.

(Part 1) Replace the following text in section 4.2, Policy  
Identification:
---
Note:
Canonical XML 1.1 [C14N11] is intended to address the issues that  
occur with
Canonical XML 1.0 with regards to xml:id. The W3C XML Security  
Specifications
Maintenance WG has been chartered to address how to integrate  
Canonical XML 1.1
with XML Security, including XML Signature [SecSpecMaintWG] (See
http://www.w3.org/2007/xmlsec/.)
---
With the following text:
---
Note that is is acceptable to sign a policy expression identified  
using xml:id
with XML SIgnature (Second Edition) [XML-Signature-2ndEdition] and  
Canonical
XML 1.1 [C14N11], as these recommendations  address issues related to  
the use
of xml:id and xml:base.
---
(Part 2)
Update the reference to C14N11 in Appendix B.2.

Replace the following:
---
  Canonical XML 1.1, J. Boyer and G. Marcy Authors. W3C Candidate
Recommendation, 21 June 2007. This is a work in progress. This  
version is
available at http://www.w3.org/TR/2007/CR-xml-c14n11-20070621. The  
latest
version of Canonical XML 1.1 is available at http://www.w3.org/TR// 
xml-c14n11/.
---
with

  Canonical XML 1.1, J. Boyer and G. Marcy Authors. W3C  
Recommendation, 2 May
2008.  This version is available at
http://www.w3.org/TR/2008/REC-xml-c14n11-20080502. The latest version of
Canonical XML 1.1 is available at http://www.w3.org/TR//xml-c14n11/.

---

(Part 3)
Add a reference to Appendix B.2 for XML Signature (Second Edition)  
after the
reference to [XMLSignature]:
----
[XML-Signature-2ndEdition] XML Signature Syntax and Processing, D.  
Eastlake, J.
Reagle, D. Solo, F. Hirsch, and  T. Roessler Editors.  W3C  
Recommendation, 10
June 2008. This version of the XML Signature Syntax and Processing
Recommendation is http://www.w3.org/TR/2008/REC-xmldsig- 
core-20080610/. The
latest version of XML-Signature Syntax and Processing is available at
http://www.w3.org/TR/xmldsig-core/.
----
(note removal of hyphen in title in Second Edition)

---
(Part 4) Remove [SecSpecMaintWG] reference.
---

http://www.w3.org/Bugs/Public/show_bug.cgi?id=6030

            Summary: Note on using xml:id should reference Canonical  
XML 1.1
                     and XML Signature, Second Edition
            Product: WS-Policy
            Version: PR
           Platform: Macintosh
                URL: http://www.w3.org/TR/2007/NOTE-ws-policy-primer-
                     20071112/#Referencing_Policy_Expressions
         OS/Version: MacOS X
             Status: NEW
           Severity: normal
           Priority: P2
          Component: Primer
         AssignedTo: fsasaki@w3.org
         ReportedBy: frederick.hirsch@nokia.com
          QAContact: public-ws-policy-qa@w3.org


Section 2.10 Referencing Policy Expressions after example 2.16 has  
same issue
as framework, note needs to be replaced.

Description/Justification

Currently Section 2.10 Referencing Policy Expressions after example 2.16
contains a note that use of
Canonical XML 1.0 with xml:id is not appropriate. This is correct.

It has an additional Note that Canonical XML 1.1 is intended to  
address this
and that the XML Security Specifications Maintenance WG has been  
chartered to
investigate. This is no longer accurate since Canonical XML 11 has been
released as a Recommendation as has XML Signature (Second Edition).

Target - primer

Proposal

Create Proposed Errata against Primer document.

(Part 1) Replace the following text in Section 2.10 Referencing Policy
Expressions after example 2.16:
---
Note:
Canonical XML 1.1 [C14N11] is intended to address the issues that  
occur with
Canonical XML 1.0 with regards to xml:id. The W3C XML Security  
Specifications
Maintenance WG has been chartered to address how to integrate  
Canonical XML 1.1
with XML Security, including XML Signature [SecSpecMaintWG] (See
http://www.w3.org/2007/xmlsec/.)
---
With the following text:
---
Note that is is acceptable to sign a policy expression identified  
using xml:id
with XML SIgnature (Second Edition) [XML-Signature-2ndEdition] and  
Canonical
XML 1.1 [C14N11], as these recommendations  address issues related to  
the use
of xml:id and xml:base.
---
(Part 2)
Update the reference to C14N11 in Appendix C.

Replace the following:
---
  Canonical XML 1.1, J. Boyer and G. Marcy Authors. W3C Candidate
Recommendation, 21 June 2007. This is a work in progress. This  
version is
available at http://www.w3.org/TR/2007/CR-xml-c14n11-20070621. The  
latest
version of Canonical XML 1.1 is available at http://www.w3.org/TR// 
xml-c14n11/.
---
with

  Canonical XML 1.1, J. Boyer and G. Marcy Authors. W3C  
Recommendation, 2 May
2008.  This version is available at
http://www.w3.org/TR/2008/REC-xml-c14n11-20080502. The latest version of
Canonical XML 1.1 is available at http://www.w3.org/TR//xml-c14n11/.

---

(Part 3)
Add a reference to Appendix C for XML Signature (Second Edition) :
----
[XML-Signature-2ndEdition] XML Signature Syntax and Processing, D.  
Eastlake, J.
Reagle, D. Solo, F. Hirsch, and  T. Roessler Editors.  W3C  
Recommendation, 10
June 2008. This version of the XML Signature Syntax and Processing
Recommendation is http://www.w3.org/TR/2008/REC-xmldsig- 
core-20080610/. The
latest version of XML-Signature Syntax and Processing is available at
http://www.w3.org/TR/xmldsig-core/.
----
(note removal of hyphen in title in Second Edition)

---
(Part 4) Remove [SecSpecMaintWG] reference.
----


regards, Frederick

Frederick Hirsch
Nokia
Received on Friday, 5 September 2008 15:49:07 UTC