Re: Action 713 Bruce Rich to review XML Signature 2.0 requirements

From: <Frederick.Hirsch@nokia.com>
Date: Fri, 3 Dec 2010 20:00:35 +0100
To: <brich@us.ibm.com>
CC: <Frederick.Hirsch@nokia.com>, <public-xmlsec@w3.org>
Message-ID: <603A88A1-069D-45F4-8719-1B5324AC56C0@nokia.com>

Thanks for the review and for pointing out this concern.

The requirement is listed in the previous section, 3.2.2, and is met by the 2.0 selection ByteRange parameter:
ByteRange: The optional byte range parameter can be used to indicate that only a portion of the binary data should be signed. E.g. ByteRange="0-20,220-270,320-" indicates that the first 20 bytes, then bytes 220 to 270, and finally bytes 320 to end of file are included.

I propose the following changes to the 2.0 requirements draft:

1. Remove section 3.2.3, Binary Portions Proposal (no other proposals are in the draft; our older working draft listed on the publications page, "XML Signature Transform Simplification: Requirements and Design" <http://www.w3.org/TR/2009/WD-xmldsig-simplify-20090730/#title>, continues to list the various proposals including this one, if someone is interested in the earlier proposals).

2. Replace "some grammar" with "a mechanism" in section 3.2.2, Binary Portions Requirements.

The revised text reads as follows:

The XML Signature 1.0 specification allows authors of XML signatures to sign a subset of an XML document, but doesn't define any grammar that allows a subset of a non XML resource to be signed. The requirement for the next version of the XML signature specification is to define a mechanism that allows a subset of a non XML resource to be signed.

Does anyone disagree with the proposed changes to the 2.0 requirements draft? If not, I will update the requirements draft.


regards, Frederick

Frederick Hirsch

On Dec 3, 2010, at 1:23 PM, ext Bruce Rich wrote:

I made several passes through the XML Security 2.0 Requirements and Design Considerations, with particular focus on the Signature requirements.

I believe the current draft of Signature 2.0 meets all of the requirements expressed in the Requirements doc, save the "new ByteRange transform" in section 3.2.3.  (http://www.w3.org/2008/xmlsec/Drafts/xmlsec-reqs2/Overview.html#binary-portions-proposal)
We met this one in spirit, although not in the form that the Requirements doc requested.
We could mod the requirements document to permit enough flexibility to have the selection operation in section 6.7.2 (http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/#sec-Type-Binary-fromURI) be an adequate resolution of the requirement.
Or we could just let sleeping dogs lie, thank the requirements doc for its proposal and conclude that the selection operation honors the spirit of the request.
I would propose the latter.

Bruce A Rich
brich at-sign us dot ibm dot com
Received on Friday, 3 December 2010 19:01:32 UTC
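
The ByteRange selection quoted in the message above, worked through as an added example (not code from the thread or from the XML Signature 2.0 draft). It shows which bytes a range list covers and that bytes outside it can change without affecting the digest. Assumptions: the function names are hypothetical, each end offset is treated as exclusive so that "0-20" is the first 20 bytes as the quoted text says, ranges must be ascending and non-overlapping, and SHA-256 stands in for whatever digest a signature would use.

```python
import hashlib

def parse_byte_range(spec, length):
    """Parse 'a-b,c-d,e-' into half-open (start, end) pairs within `length`."""
    ranges, prev_end = [], 0
    for part in spec.split(","):
        first, sep, last = part.strip().partition("-")
        if not sep or not first.isdigit() or (last and not last.isdigit()):
            raise ValueError(f"malformed range: {part!r}")
        start = int(first)
        end = int(last) if last else length  # "320-" runs to the end of the data
        # Assumed strictness: ascending, non-overlapping, non-empty, in bounds.
        if start < prev_end or end <= start or end > length:
            raise ValueError(f"invalid range: {part!r}")
        ranges.append((start, end))
        prev_end = end
    return ranges

def unsigned_gaps(ranges, length):
    """Byte spans that the selection leaves out, i.e. not covered by the digest."""
    gaps, pos = [], 0
    for start, end in ranges:
        if start > pos:
            gaps.append((pos, start))
        pos = end
    if pos < length:
        gaps.append((pos, length))
    return gaps

def digest_selected(data, spec):
    """SHA-256 (assumed digest) over only the bytes the ByteRange selects."""
    h = hashlib.sha256()
    for start, end in parse_byte_range(spec, len(data)):
        h.update(data[start:end])
    return h.hexdigest()

if __name__ == "__main__":
    data = bytes(range(256)) * 2          # constructed 512-byte sample input
    spec = "0-20,220-270,320-"            # the example value from the message
    ranges = parse_byte_range(spec, len(data))
    print("covered:", ranges)
    print("not covered:", unsigned_gaps(ranges, len(data)))
    tampered = bytearray(data)
    tampered[100] ^= 0xFF                 # byte 100 lies in an uncovered gap
    print("digest unchanged after edit in gap:",
          digest_selected(bytes(tampered), spec) == digest_selected(data, spec))
```

A verifier that relies on such a signature should treat every span reported by `unsigned_gaps` as unauthenticated input.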