Re: Proposed addition to XML Signature 1.1 and 2.0 for XML Signature Best Practices ( LC-2507) from frederick.hirsch@nokia.com on 2011-08-15 (public-xmlsec@w3.org from August 2011)

From: <frederick.hirsch@nokia.com>
Date: Mon, 15 Aug 2011 18:18:41 +0000
To: <Frederick.Hirsch@nokia.com>
Cc: public-xmlsec@w3.org
Message-Id: <E1Qt1kH-0007tl-4O@jessica.w3.org>

 Dear <Frederick.Hirsch@nokia.com>,

The XML Security Working Group has reviewed the comments you sent [1] on
the Last Call Working Draft [2] of the XML Signature Syntax and Processing
Version 2.0 published on 21 Apr 2011. Thank you for having taken the time
to review the document and to send us comments!

The Working Group's response to your comment is included below.

Please review it carefully and let us know by email at
public-xmlsec@w3.org if you agree with it or not before 22 August 2011. In
case of disagreement, you are requested to provide a specific solution for
or a path to a consensus with the Working Group. If such a consensus cannot
be achieved, you will be given the opportunity to raise a formal objection
which will then be reviewed by the Director during the transition of this
document to the next stage in the W3C Recommendation Track.

Thanks,

For the XML Security Working Group,
Thomas Roessler
W3C Staff Contact

 1. http://www.w3.org/mid/43F44120-731C-45DD-B2FF-6943C80E2427@nokia.com
 2. http://www.w3.org/TR/2011/WD-xmldsig-core2-20110421/


=====

Your comment on :
> I propose the following changes to  XML Signature 1.1 and XML Signature
> 2.0 to reference XML Signature Best Practices:
> 
> (1) Add new paragraph at end of Section 1, Introduction , as follows:
> 
> A number of good practices related to the use of XML Signature,
> including practical implementation considerations and practices for
> improving security are documented in the XML Signature Best Practices
> document which should be considered by implementers of this
> specification [XMLDSIG-BESTPRACTICES].
> 
> (2) Add informative reference  to A.2 Informative references, as
> follows:
> 
> [XMLDSIG-BESTPRACTICES]
> Pratik Datta; Frederick Hirsch. XML Signature Best Practices. 31 August
> 2010. W3C Working Draft. (Work in progress.)
> URL:http://www.w3.org/TR/2010/WD-xmldsig-bestpractices-20100831/
> 
> regards, Frederick
> 
> Frederick Hirsch
> Nokia


Working Group Resolution (LC-2507):
Paragraph added to introduction to refer to Best Practices, including
reference. Updated to use language proposed by Marcos - "The Working Group
encourages implementers and developers to read XML Signature Best Practices
[XMLDSIG-BESTPRACTICES]. It contains a number of best practices related to
the use of XML Signature, including implementation considerations and
practical ways of improving security."

----

Received on Monday, 15 August 2011 18:18:43 UTC