Response from the Web Services Policy WG

Hi,

Paul answered me directly. I'm forwarding the answer as it was sent to a
public group.

I think his answer is correct. We only need to mention that the next
process step for the notes is for them to be published as notes. They
don't follow the same process track as W3C recommendations.

-jose

Forwarded message 1

  • From: Paul Cotton <Paul.Cotton@microsoft.com>
  • Date: Wed, 4 Oct 2006 09:58:48 -0700
  • Subject: RE: New C14N/1.1 WD and Web Services Policy 1.5 - Framework (ed. copy)
  • To: "jose.kahan@w3.org" <jose.kahan@w3.org>
  • Cc: "public-ws-policy@w3.org" <public-ws-policy@w3.org>
  • Message-ID: <4D66CCFC0B64BA4BBD79D55F6EBC225719C5333A18@NA-EXMSG-C103.redmond.corp.microsoft> 
The WS-Policy WG has reviewed your email and we believe the heart of the XML Core WG proposal is in the following paragraph:

> You may wish to apply the procedure described in Section 2.2 of the
> dsig-usage note [2] to apply a C14N/1.1 transformation. This could
> help you avoid having to define an alternate xml:id attribute.

The WS-Policy WG does NOT want to remove the usage of wsu:id from our specification due to the following three reasons:

a) Support for wsu:id must not be removed since our charter strongly urges backwards compatibility with existing policy assertions in:
"Web Services Policy should remain compatible with existing policy assertions and offer a smooth migration path for these assertions (where applicable)."

b) Support for wsu:id must not be removed since it is unlikely that WS-Policy CR implementations will include support for xml:id, C14N/1.1 and/or the as yet to be started revised version of XML DSig.

c) Support for wsu:id must not be removed since it is premature to normatively depend on C14N/1.1 or the dsig-usage Note since they have not yet proceeded through CR and the proposed W3C XML DSig revision work has not yet begun (although it is proposed).

The WS-Policy WG is willing to add non-normative references to the C14N/1.1 WD and the dsig-usage Note as guidance to how the problems with xml:id MAY be solved.

Please let us know if you agree with this disposition of your comment.

/paulc
For the WS-Policy WG

Paul Cotton, Microsoft Canada
17 Eleanor Drive, Ottawa, Ontario K2E 6A3
Tel: (613) 225-5445 Fax: (425) 936-7329
mailto:Paul.Cotton@microsoft.com





> -----Original Message-----
> From: public-ws-policy-request@w3.org [mailto:public-ws-policy-
> request@w3.org] On Behalf Of Jose Kahan
> Sent: September 20, 2006 11:35 AM
> To: public-ws-policy@w3.org
> Subject: New C14N/1.1 WD and Web Services Policy 1.5 - Framework (ed.
> copy)
>
>
> Hello,
>
> I'm writing on behalf of the XML-Core Working Group. We'd like to bring to
> your attention that we have published three C14N related documents and
> welcome
> review to them [1].
>
> Specifically, there is a new Working Draft for C14N/1.1 that takes into
> account different issues related to C14N and the evolution of XML core
> technologies, including xml:id.
>
> In parallel, W3C is working on a charter for a new W3C Working Group that
> would have task of making an editorial revision of XML Signature to make
> mandatory the use of C14N/1.1, thus making it possible to correctly take
> into
> documents that include xml:id attributes. See the related dsig-usage note
> [2] and the thread on the w3c-ietf-xmldsig mailing list [3].
>
> In particular, this work should solve the problem you describe in
> Section 4.2 of the recent Editor's Draft for the Web Services Policy 1.5 -
> Framework [4]:
>
> <quote>
>
> /wsp:Policy/(@wsu:Id | @xml:id)
>
> The identity of the policy expression as an ID within the enclosing XML
> document. If omitted, there is no implied value. To refer to this policy
> expression, an IRI-reference  MAY be formed using this value per Section
> 4.2 of WS-Security [WS-Security 2004] when @wsu:Id is used.
>
> The use of xml:id attribute in conjunction with Canonical XML 1.0 is
> inappropriate as described in Appendix C of xml:id Version 1.0 [XML ID]
> and thus this combination must be avoided (see [C14N 1.0 Note]). For
> example, a policy expression identified using xml:id attribute should not
> be signed using XML Digital Signature when Canonical XML 1.0 is being used
> as the canonicalization method.
>
> </quote>
>
> You may wish to apply the procedure described in Section 2.2 of the
> dsig-usage note [2] to apply a C14N/1.1 transformation. This could help
> you avoid having to define an alternate xml:id attribute.
>
> You can send comments related to the C14N drafts to the following
> public-archived list:
>
>    www-xml-canonicalization-comments@w3.org
>
> Best regards,
>
> -jose
>
> [1]
> http://www.w3.org/2002/02/mid/CF83BAA719FD2C439D25CBB1C9D1D30204ABFCD3@HQ-
> MAIL4.ptcnet.ptc.com
>
> [2] http://www.w3.org/TR/2006/WD-DSig-usage-20060915/
>
> [3]
> http://www.w3.org/2002/02/mid/20060918163151.GO2766@raktajino.does-not-
> exist.org
>
> [4]
> http://dev.w3.org/cvsweb/~checkout~/2006/ws/policy/ws-policy-
> framework.html?content-type=text/html;charset=utf-8#Policy_Identification

Received on Friday, 6 October 2006 10:58:35 UTC