W3C home > Mailing lists > Public > public-xmlsec-maintwg@w3.org > May 2007

Re: xmldsig-core: Updated editor's draft

From: Sean Mullan <Sean.Mullan@Sun.COM>
Date: Wed, 23 May 2007 17:33:45 -0400
To: public-xmlsec-maintwg@w3.org
Message-id: <4654B339.1010807@sun.com>

Thomas Roessler wrote:
> There's an updated editor's draft at [1], 
> $Date: 2007/05/22 14:56:36 $.
> 
> Outstanding items:
> 
> - Juan Carlos' further clarification for 3.1.1 (but I see he has
>   just posted a proposal; ACTION-31)
> 
> - Sean's word-smithing on "generator" and "validator"

Here is my proposed re-wording. I propose more or less changing
"generators" to "applications that generate signatures". I think this is
more consistent with the rest of the document and avoids the use of a
new term. As for the one use of the term validator, note that section
4.3.3.2 covers both validation and generation, so (IMO) it is incorrect
to say that the requirement is only applicable to validators. So I
propose replacing this with "signature applications".

Section 3.1.1 change:

The Reference Processing Model (section 4.3.3.2) requires that
validators use Canonical XML 1.0 [XML-C14N] when a transformation that
would expect an octet-stream as input is applied to a node-set. We
RECOMMEND that generators do not rely on this default behavior, but
explicitly identify the transformation that is applied to perform this
mapping. In cases in which inclusive canonicalization is desired, we
RECOMMEND that Canonical XML 1.1 [XML-C14N11] be used.

> - E01 (dependent, among other things, upon Konrad's completion of
>  ACTION-19)
>
> 1. http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/


To:

The Reference Processing Model (section 4.3.3.2) requires that signature
applications use Canonical XML 1.0 [XML-C14N] when a transformation that
would expect an octet-stream as input is applied to a node-set. We
RECOMMEND that, when generating signatures, signature applications do
not rely on this default behavior, but explicitly identify the
transformation that is applied to perform this mapping. In cases in
which inclusive canonicalization is desired, we RECOMMEND that Canonical
XML 1.1 [XML-C14N11] be used.

Section 4.3.3.2 change:

Note: The Reference Generation Model (section 3.1.1) includes further
restrictions on the reliance upon implicitly defined default
transformations by signature generators.

To:

Note: The Reference Generation Model (section 3.1.1) includes further
restrictions on the reliance upon implicitly defined default
transformations by applications that generate signatures.

Section 6.5 change:

This specification REQUIRES implementation of both Canonical XML 1.0
[XML-C14N] and Canonical XML 1.1 [XML-C14N11]. We RECOMMEND that
generators chose Canonical XML 1.1 [XML-C14N11] when inclusive
canonicalization is desired.

To (also note typo s/chose/choose):

This specification REQUIRES implementation of both Canonical XML 1.0
[XML-C14N] and Canonical XML 1.1 [XML-C14N11]. We RECOMMEND that
applications that generate signatures choose Canonical XML 1.1
[XML-C14N11] when inclusive canonicalization is desired.


--Sean
Received on Wednesday, 23 May 2007 21:34:02 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:21:59 GMT