Re: Proposed addition to XML Signature 1.1 and 2.0 for XML Signature Best Practices ( LC-2507) from Frederick.Hirsch@nokia.com on 2011-08-15 (public-xmlsec@w3.org from August 2011)

From: <Frederick.Hirsch@nokia.com>
Date: Mon, 15 Aug 2011 18:25:16 +0000
To: <Frederick.Hirsch@nokia.com>
CC: <public-xmlsec@w3.org>
Message-ID: <D61FF1F3-DD5F-40FC-86A9-5F17C6DDE983@nokia.com>

I agree with the changes.

regards, Frederick

Frederick Hirsch
Nokia



On Aug 15, 2011, at 2:18 PM, ext frederick.hirsch@nokia.com wrote:

> 
> Dear <Frederick.Hirsch@nokia.com>,
> 
> The XML Security Working Group has reviewed the comments you sent [1] on
> the Last Call Working Draft [2] of the XML Signature Syntax and Processing
> Version 2.0 published on 21 Apr 2011. Thank you for having taken the time
> to review the document and to send us comments!
> 
> The Working Group's response to your comment is included below.
> 
> Please review it carefully and let us know by email at
> public-xmlsec@w3.org if you agree with it or not before 22 August 2011. In
> case of disagreement, you are requested to provide a specific solution for
> or a path to a consensus with the Working Group. If such a consensus cannot
> be achieved, you will be given the opportunity to raise a formal objection
> which will then be reviewed by the Director during the transition of this
> document to the next stage in the W3C Recommendation Track.
> 
> Thanks,
> 
> For the XML Security Working Group,
> Thomas Roessler
> W3C Staff Contact
> 
> 1. http://www.w3.org/mid/43F44120-731C-45DD-B2FF-6943C80E2427@nokia.com
> 2. http://www.w3.org/TR/2011/WD-xmldsig-core2-20110421/
> 
> 
> =====
> 
> Your comment on :
>> I propose the following changes to  XML Signature 1.1 and XML Signature
>> 2.0 to reference XML Signature Best Practices:
>> 
>> (1) Add new paragraph at end of Section 1, Introduction , as follows:
>> 
>> A number of good practices related to the use of XML Signature,
>> including practical implementation considerations and practices for
>> improving security are documented in the XML Signature Best Practices
>> document which should be considered by implementers of this
>> specification [XMLDSIG-BESTPRACTICES].
>> 
>> (2) Add informative reference  to A.2 Informative references, as
>> follows:
>> 
>> [XMLDSIG-BESTPRACTICES]
>> Pratik Datta; Frederick Hirsch. XML Signature Best Practices. 31 August
>> 2010. W3C Working Draft. (Work in progress.)
>> URL:http://www.w3.org/TR/2010/WD-xmldsig-bestpractices-20100831/
>> 
>> regards, Frederick
>> 
>> Frederick Hirsch
>> Nokia
> 
> 
> Working Group Resolution (LC-2507):
> Paragraph added to introduction to refer to Best Practices, including
> reference. Updated to use language proposed by Marcos - "The Working Group
> encourages implementers and developers to read XML Signature Best Practices
> [XMLDSIG-BESTPRACTICES]. It contains a number of best practices related to
> the use of XML Signature, including implementation considerations and
> practical ways of improving security."
> 
> ----
> 
> 
>

Received on Monday, 15 August 2011 18:26:35 UTC