
Re: XML Signature Properties - ready?

From: Sean Mullan <Sean.Mullan@Sun.COM>
Date: Tue, 17 Feb 2009 09:39:52 -0500
To: Frederick Hirsch <Frederick.Hirsch@nokia.com>
Cc: XMLSec WG Public List <public-xmlsec@w3.org>
Message-id: <499ACC38.7070006@sun.com>

Some comments on Section 3.2 Compliance:

"Use of any or all of these Signature Properties in an XML Signature is 
optional and nothing precludes the use of additional properties defined 
elsewhere.

[Definition: A Common Signature Property is a property defined in this 
specification and identified by the namespace defined in this document.] 
When such Common Signature Properties are used the format and processing 
rules associated with those properties, as defined in this document, 
MUST apply."



1. s/optional/OPTIONAL

2. I'm uncomfortable with the last sentence. This implies that a 
validator (or decryptor) MUST process the property according to the 
rules if it is included in a Signature. But what if a validator doesn't 
support or recognize the property? Should it ignore it? But what if the 
property must be processed because validation really depends on it, which 
seems to be the case with most of these? I am concerned that, since the 
processing of most of these properties affects validation, what is 
really needed are changes to the signature validation algorithm, which 
probably isn't appropriate until 2.0.

--Sean

Frederick Hirsch wrote:
> 
> Does the WG agree to progress the (revised) XML Signature Properties 
> draft to first public working draft?
> 
> http://www.w3.org/2008/xmlsec/Drafts/xmldsig-properties/Overview.html
> 
> I propose one change to the current draft - to change the usage 
> attribute to "role"  and to remove the second paragraph in that section 
> "one example".
> 
> Please indicate on the list if you believe additional changes are required.
> 
> Thanks
> 
> regards, Frederick
> 
> Frederick Hirsch
> Nokia
> 
> 
> 
> 
Received on Tuesday, 17 February 2009 14:49:05 GMT
