xmldsig-review-2011-05-31

http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/

• Specification uses term "XML namespace URI" instead of "namespace name"
  Although this probably doesn't create confusion, such informal term shouldn't appear in W3C spec. Either proper term "namespace name" should be used (see http://www.w3.org/TR/xml-names/#dt-NSName) or at least "XML namespace URI" should be put into Appendix A - Definitions and be properly defined here as a synonym of "namespace name".
• Insufficently defined context for XPath evaluation in § "10.6.1 Selection of XML Documents or Fragments"
  XPath 1.0 specification defines the following properties for context

  a node (the context node)
  a pair of non-zero positive integers (the context position and the context size)
  a set of variable bindings
  a function library
  the set of namespace declarations in scope for the expression

  Only the context node is defined in this specification, other properties should be defined as well.

• Typo in § "11.3 Namespace Context and Portable Signatures"
  In addition, the Canonical XML and Canonical XML with Comments algorithms import all XML namespace attributes (such as xml:lang) from the…

  There shouldn't be xml:lang, but namespace declaration attribute like xmlns:foo.

  Also using entity references in examples as content of namespace declarations looks quite confusing.

• § "B.7.2 Base64"
  Transformation as described assumes that operates on text node -- otherwise it will always return empty string. I'm not sure whether this is correct assumption. Omitting operation 1) will fix this problem.

http://www.w3.org/2008/xmlsec/Drafts/xmldsig-xpath/ In general I don't think it is good idea to create yet another XPath subset. Proliferation of XPath subsetting prevents using standalone XPath libraries when implementing various subsets of the language. If streaming is necessary then effort should be derived from XSLT 3.0 which provides streaming facilities.