W3C home > Mailing lists > Public > public-xmlsec@w3.org > September 2008

Re: Reminder: WG actions needed on Best Practices before publication

From: Sean Mullan <Sean.Mullan@Sun.COM>
Date: Mon, 22 Sep 2008 15:05:36 -0400
To: "Hirsch Frederick (Nokia-OCTO/Boston)" <frederick.hirsch@nokia.com>
Cc: XMLSec WG Public List <public-xmlsec@w3.org>
Message-id: <48D7EC80.8030308@sun.com>

Hirsch Frederick (Nokia-OCTO/Boston) wrote:
> 
> All
> 
> We have some items to complete before publishing the Best Practices as a 
> first working draft.
> If we can complete these items before 7 October, then we can agree at 
> that meeting to the changes, incorporate them before the F2F and agree 
> to publish during the F2F (unless we are able to agree to publish on 7 
> October).
> 
> 1) Please review the current Best Practices draft so that we can approve 
> as working draft for publication. Please post any comments to the list 
> by next week.
> 
> http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/

A couple of comments on section section 2.1.2 (Best Practice 5).

I think it would be a fairly immature XML Signature implementation that 
would still duplicate every namespace node for each element in the 
document. Yes, some early implementations did do that. I suggest 
adjusting the wording in this section as to not imply that every 
implementation does that.

Also, the example uses relative namespace URIs which should be rejected 
by C14N implementations [1]. So the example needs to be changed to use 
absolute URIs. This comment applies to all of the other examples as well.

--Sean

[1] http://www.w3.org/TR/xml-c14n11/#DataModel

Note: This specification supports the recent XML plenary decision to 
deprecate relative namespace URIs as follows: implementations of XML 
canonicalization MUST report an operation failure on documents 
containing relative namespace URIs. XML canonicalization MUST NOT be 
implemented with an XML parser that converts relative URIs to absolute URIs.
Received on Monday, 22 September 2008 19:06:17 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:54 GMT