W3C home > Mailing lists > Public > public-xmlsec@w3.org > January 2009

Additional transforms draft comment - SwA

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Tue, 13 Jan 2009 10:33:10 -0500
Message-Id: <1D5BC6C3-7428-4222-931E-EA6908D22355@nokia.com>
To: XMLSec WG Public List <public-xmlsec@w3.org>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>

The Transform Simplification draft mentions the WSS SwA profile [1] in  
section 5.3 [2].

It is not a "hack" to require a transform to be first, as we impose  
that requirement on selection in the proposal, for example. In fact  
these transforms are specialized selection transforms.

Thus I suggest changing from

"The WS-Security SWA profile defines new transforms -  
AttachmentComplete and AttachmentContentOnly. This is really a hack,  
as these operations are not really transforms. Regular transforms can  
be present anywhere in the transform chain, and they can be present  
any number of time. But these transforms need to be there only as the  
first transform, and unlike other transforms, they do not operate on  
binary/nodeset data, instead they operate on a soap attachment which  
has binary body and a set of headers. Also this transform does  
attachment content canonicalization depending on the content type -  
xml content is canonicalized in one way, text content in another way"


"The WS-Security SOAP with Attachments (SwA) profile [WSS-SwA]   
defines transforms for selection of a mime attachment, the   
AttachmentComplete and AttachmentContentOnly transforms. "

[WSS-SwA] should be a reference link.

We can probably remove the second paragraph as well.

This belongs in a section on Selection, not of extensions, so we need  
a new section "Selection", including as well as some of the XPath  
material. We probably also need a Canonicalization section.

regards, Frederick

Frederick Hirsch

[1] http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-errata-os-SwAProfile.pdf

[2] http://www.w3.org/2008/xmlsec/Drafts/transform-note/Overview.html#extensibility
Received on Tuesday, 13 January 2009 15:34:02 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:55:10 UTC