W3C home > Mailing lists > Public > public-xmlsec@w3.org > January 2009

Questions/comments on Use Case and Requirements editors draft

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Mon, 12 Jan 2009 18:20:54 -0500
Message-Id: <371804CF-BB1C-4B6B-A8E3-23601E0DC606@nokia.com>
To: XMLSec WG Public List <public-xmlsec@w3.org>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>

(1) Should we move the transform simplification material back into the  
Requirements document or keep it separate?

(2) I suggest we add a section for Security Algorithms with the  
following requirements

1. Update XML Security to reflect new risks identified with existing  
algorithms and add support for stronger replacements. Examples are  
SHA-256 and SHA-1.

2. Update algorithms to reflect algorithms in practical and emerging  
use. An example is Elliptic Curve algorithms.

(3) Remove section 4.3 which is empty.

(4) in section 4.4.2.2

add to last sentence "even with well-defined Signature Properties."

s/SignedInf/SignedInfo/

(5)  in section  4.4.2.4

Add sentence "However the wide use of QNames in XML content suggests  
that prefixes will need to continue to be maintained."

replace "qname" with "QName" throughout document


regards, Frederick

Frederick Hirsch
Nokia
Received on Tuesday, 13 January 2009 03:03:51 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:57 GMT