Updates to XML signature 2.0

Updated the XML Signature 2.0 document with the following

http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20  Oct 28th version


ACTION-647: Implement Cantor's proposed text to identify all attributes

Changed existing text
"<dsig2:IDAttributes> is used for ID-based references to precisely define the ID attribute that the signer has used for a particular reference. It can have one of the following two subelements:"

To

"<dsig2:IDAttributes> is used for ID-based references to define the ID attributes that the signer has used. Note: this is just an optional hint, the signer is not mandated to use this mechanism to identify the ID attributes. Also the IDAttributes may list more than one ID attribute, this signals the verifier to resolve this particular ID-based <Reference> with any one of the specified ID attributes.
The <IDAttributes> element can have either or both of the following two subelements any number of times:"




Also I changed

<dsig2:IDAttributes>
 <dsig2:QualifiedID name="..." ns="..."/>
 <dsig2:UnqualifiedID name="..." parentname="..." parentns="..."/>
</dsig2:IDAttributes>

To

<dsig2:IDAttributes>
    <dsig2:QualifiedAttr Name="..." NS="..."/>
    <dsig2:UnqualifiedAttr Name="..." ParentName="..." ParentNS="..."/>
</dsig2:IDAttributes>


To be consistent with the C14n2.0 spec, which also defines these same two elements, plus an additional element called "Element"

<c14n2:QNameAware>
    <c14n2:Element Name="..." NS="..."/>
    <c14n2:QualifiedAttr Name="..." NS="..."/>
    <c14n2:UnqualifiedAttr Name="..." ParentName="..." ParentNS="..."/>
</c14n2:QNameAware>

This is a little strange, having the exact same element with the same semantics in two different namespaces. But I guess putting a dependency of one over the other would be even worse.




I also changed the schema to have maxOccurs="unbounded"

    <complexType name="IDAttributesType">
        <choice maxOccurs="unbounded">
            <element name="QualifiedAttr">
                <complexType>
                    <attribute name="Name" type="NCName" use="required"/>
                    <attribute name="NS" type="anyURI" use="required"/>
                </complexType>
            </element>
            <element name="UnqualifiedAttr">
                <complexType>
                    <attribute name="Name" type="NCName" use="required"/>
                    <attribute name="ParentName" type="NCName" use="required"/>
                    <attribute name="ParentNS" type="anyURI"/>
                </complexType>
            </element>
        </choice>
    </complexType>

-------------------------------------------------------------------------





ACTION-659: Review newTransformModel URI and does URI need correct
  Changed it to http://www.w3.org/2010/xmldsig2#transform







Pratik

Received on Thursday, 28 October 2010 08:09:40 UTC
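
Added example, not part of the original message or of the specification: a sketch of how a verifier could use the <IDAttributes> hint to resolve an ID-based <Reference> against only the listed ID attributes. The namespace urn:example:dsig2, the sample document, the function names and the policy of rejecting a reference that matches zero or several elements are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

DSIG2 = "urn:example:dsig2"  # constructed placeholder namespace (assumption)

# Constructed sample: Order/@id and xml:id are listed as IDs, Comment/@id is not.
SAMPLE = """<doc xmlns:d="urn:example:dsig2" xmlns:s="urn:example:shop">
  <d:IDAttributes>
    <d:QualifiedAttr Name="id" NS="http://www.w3.org/XML/1998/namespace"/>
    <d:UnqualifiedAttr Name="id" ParentName="Order" ParentNS="urn:example:shop"/>
  </d:IDAttributes>
  <s:Order id="p1"/>
  <Comment id="p1"/>
  <s:Item xml:id="p2"/>
  <s:Item xml:id="dup"/><s:Copy xml:id="dup"/>
</doc>"""

def id_attribute_rules(id_attributes):
    """Turn <IDAttributes> into (parent_tag_or_None, attribute_key) pairs."""
    rules = []
    for child in id_attributes:
        local = child.tag.rsplit("}", 1)[-1]
        if local == "QualifiedAttr":
            # Namespace-qualified attribute: an ID on whatever element carries it.
            rules.append((None, "{%s}%s" % (child.get("NS"), child.get("Name"))))
        elif local == "UnqualifiedAttr":
            # Unqualified attribute: an ID only on the named parent element.
            ns, name = child.get("ParentNS"), child.get("ParentName")
            rules.append(("{%s}%s" % (ns, name) if ns else name, child.get("Name")))
    return rules

def resolve_reference(root, uri, rules):
    """Resolve a same-document "#id" reference using only the listed ID attributes."""
    if not uri.startswith("#") or len(uri) < 2:
        raise ValueError("not an ID-based reference: %r" % uri)
    wanted = uri[1:]
    hits = [el for el in root.iter()
            if any((tag is None or el.tag == tag) and el.get(attr) == wanted
                   for tag, attr in rules)]
    if len(hits) != 1:  # assumed policy: unresolved or ambiguous IDs are an error
        raise ValueError("%r matched %d elements, expected 1" % (uri, len(hits)))
    return hits[0]

def resolve(xml_text, uri):
    """Parse the document, read its <IDAttributes> hint and return the target's tag."""
    root = ET.fromstring(xml_text)
    hint = root.find("{%s}IDAttributes" % DSIG2)
    rules = id_attribute_rules(hint) if hint is not None else []
    return resolve_reference(root, uri, rules).tag

if __name__ == "__main__":
    print(resolve(SAMPLE, "#p1"))
```

Here "#p1" resolves to the Order element even though Comment carries the same id value, because Comment/@id is not among the listed ID attributes.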