W3C home > Mailing lists > Public > public-xmlsec@w3.org > August 2011

Re: Importing 1.0 while normatively referencing 1.1 ( LC-2544)

From: <Frederick.Hirsch@nokia.com>
Date: Wed, 31 Aug 2011 12:42:14 +0000
To: <mnystrom@microsoft.com>
CC: <Frederick.Hirsch@nokia.com>, <public-xmlsec@w3.org>
Message-ID: <375F729A-A031-4320-AD9C-A952D57953FE@nokia.com>
Magnus

I have checked in gh-example.xml, making the additional correction, changing

  xmlns:ghc="http://www.w3.org/2009/xmlsec-gh#">

to

  xmlns:ghc="http://www.w3.org/2009/xmlsec-ghc#">

comments inline below regarding other items

Thanks for the careful review.

(It would help if you can get cvs access Magnus,  please ask Thomas.)

regards, Frederick

Frederick Hirsch
Nokia



On Aug 31, 2011, at 12:00 AM, ext Magnus Nystrom wrote:

> Makoto wrote:
> 
>> I have to revisit this issue, since a test document gh-example.xml (in the directory "xml encryption test files") has
> 
>> <ds:KeyInfo>
>>   <dsig11:ECKeyValue>
>>      <dsig11:NamedCurve URI="urn:oid:1.2.840.10045.3.1.7"/>
>>     <dsig11:PublicKey>DEADBEEF</dsig11:PublicKey>
>>   </dsig11:ECKeyValue>
>> </ds:KeyInfo>
> 
>> To validate this ECKeyValue element, we need the schema for Signature 1.1.
> 
>> But this example document might be simply incorrect.  I see other errors such as
> 
>>   Algorithm="http://www.w3.org/2009/xmlenc11#GenericHybridCipher"
> 
>> which is not a valid algorithm identifer.  Is my copy obsolete?
> 
> It may be, I have attached a corrected version to this email. Maybe you can upload it, Frederick?
> In addition, I found the following apparent inconsistencies in our schema and example documents while verifying this example:
> 
> 1. Our xmldsig11-schema.xsd currently begins:
> 
> <schema
>   targetNamespace="http://www.w3.org/2009/xmldsig11#"
>   version="0.1" 
>   elementFormDefault="qualified">
> 
> Should it not be:
> 
> <?xml version="1.0" encoding="utf-8"?>
> 
> <schema
>   xmlns="http://www.w3.org/2001/XMLSchema"
>   xmlns:dsig11="http://www.w3.org/2009/xmldsig11#"
>   xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>   targetNamespace="http://www.w3.org/2009/xmldsig11#"
>   version="0.1" 
>   elementFormDefault="qualified">

[fh] We have the corrected version checked in, looking at the xmldsig11-schema.xsd file that is currently checked in the xmldsig-core-11 directory. I also see it in the version linked from the latest publication.

You must be looking at an old or incorrect version Magnus, perhaps a cvs update is required.

I agree we want the latter.


> 
> ? (Note the addition of the xmlns: definitions in addition to the xml version element)
> 
> 2. I also wonder about the use of 'version="0.1"' above - should it not be 'version="1.0"'?

[fh]  I think so, not sure why we have 0.1, looks like an error. Others?

> 
> 3. Similarly as 1., above, shouldn't the XML Encryption 1.1 schema linked to in the XML Encryption 1.1 document begin with:
> 
> <?xml version="1.0" encoding="utf-8"?>
> 
> <schema
>   xmlns="http://www.w3.org/2001/XMLSchema"
>   xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>   xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>   xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"   
>   version="1.0" 
>   targetNamespace="http://www.w3.org/2009/xmlenc11#"
>   elementFormDefault="qualified">

> 
> (Or is it sufficient just to import? I thought the namespace declaration had to be there too?)

[fh] I would expect to see the declaration, but can one of our XSD schema experts answer?

> 

> 
> 4. Not that it matters too much, but I note that the XML Signature 1.1 schema has the schema attributes "version" and "targetNamespace" in a different order than XML Encryption 1.1 schema. For consistency it would be nicer with the same ordering.
> 

[fh]  we should probably update enc schema for consistency

> 5. As with 1. and 3. above, should not the GHC schema begin with:
> 
> <?xml version="1.0" encoding="utf-8"?>
> 
> <schema xmlns="http://www.w3.org/2001/XMLSchema"
>        xmlns:ghc="http://www.w3.org/2009/xmlsec-gh#"
>        xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>        xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"
>        targetNamespace="http://www.w3.org/2009/xmlsec-gh#"
>        version="0.1"
>        elementFormDefault="qualified">
> 
> ?
> 

[fh]  I think so, with version correction

> 6. Same comment as 4. above about the ordering of attributes "version" and "targetNamespace" ?

[fh] agree

> 
> 7. Same comment as 2. above regarding the GHC schema's "version='0.1'" ?

[fh] agree

> 
> 8. The GHC schema uses the URI .../2009/xmlsec-gh# but the algorithm identifiers in the GHC document uses the URI .../2001/xmlsec-ghc#... While not formally an error, I suggest switching to the latter also for the schema URI in which case the example within the GHC document becomes correct.

[fh] I think we should go with the ghc version, any disagreement?

> 
> 9. The XML Encryption 1.0 schema linked to in our XML Encryption 1.1 document is not the same as the one linked to in the XML Encryption 1.0 TR. The schema linked to in the TR does contain the namespace declarations and the introductory <?xml version=...> element. Should they not be the same?

[fh] here i suspect we don't want them to be the same, I don't think we want to touch the 1.0 schema at all, while benign updates to 1.1 are probably ok

> 
> 10. The enc-example.xml linked to in Section 9.1 in XML Encryption 1.1 is not a valid example. I suggest instead using one of our derived key examples (they are in the interop Wiki).

[fh] Can you please provide an update?

> 
> 11. In XML Signature 1.1, the "Schema Driver" schema also uses "version=0.1"...

[fh] I suspect someone thought we'd update it to 1.0 once ready to progress...

We should also update copyrights on all the schema files as Makoto suggested. I'll send a separate email on that.
> 
> Best,
> -- Magnus
> 
> 2011/8/19 MURATA Makoto <eb2m-mrt@asahi-net.or.jp>:
>> Agreed.  Thanks.
>> 
>> Regards,
>> Makoto
>> 
>> 2011/8/17  <frederick.hirsch@nokia.com>:
>>> 
>>> Dear MURATA Makoto ,
>>> 
>>> The XML Security Working Group has reviewed the comments you sent [1] on
>>> the Last Call Working Draft [2] of the XML Encryption Syntax and Processing
>>> Version 1.1 published on 13 May 2010. Thank you for having taken the time
>>> to review the document and to send us comments!
>>> 
>>> The Working Group's response to your comment is included below.
>>> 
>>> Please review it carefully and let us know by email at
>>> public-xmlsec@w3.org if you agree with it or not before 22 August 2011. In
>>> case of disagreement, you are requested to provide a specific solution for
>>> or a path to a consensus with the Working Group. If such a consensus cannot
>>> be achieved, you will be given the opportunity to raise a formal objection
>>> which will then be reviewed by the Director during the transition of this
>>> document to the next stage in the W3C Recommendation Track.
>>> 
>>> Thanks,
>>> 
>>> For the XML Security Working Group,
>>> Thomas Roessler
>>> W3C Staff Contact
>>> 
>>> 1.
>>> http://www.w3.org/mid/CALvn5EAQnAT-i4xB0HV+29ta0fp=ijcg77BfofM3o1x44U0jQg@mail.gmail.com
>>> 2. http://www.w3.org/TR/2010/WD-xmlenc-core1-20100513/
>>> 
>>> 
>>> =====
>>> 
>>> Your comment on 9.1 XSD Schema XML Encryption Core Schema Instance
>>> xenc-sc...:
>>>> xenc-schema-11.xsd does not import xmldsig11-schema.xsd but
>>>> rather import xmldsigschema.xsd.  However, XML Encryption 1.1
>>>> normatively references to XML Signature 1.1 rather than 1.0.
>>>> Which is correct?
>>> 
>>> 
>>> Working Group Resolution (LC-2544):
>>> The working group decided to not make any change here as
>>> xenc-schema-11.xsd does not require any definitions from
>>> xmldsig-11-schema.xsd. All that is required is ds:DigestMethod from
>>> xmldsigschmema.xsd; so the current inclusion is correct and does not
>>> include unnecessary material.
>>> 
>>> Thus the schema import is correct as is the normative reference to XML
>>> SIgnature 1.1 (e.g. to pick up normative changes that are not necessarily
>>> reflected by schema changes)
> 
> <gh-example-corrected.xml>
Received on Wednesday, 31 August 2011 12:43:11 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 31 August 2011 12:43:12 GMT