W3C home > Mailing lists > Public > public-xmlsec@w3.org > June 2011

FW: FW: Last Call for XML Signature 2.0, Canonical XML 2.0 and XML Signature Streaming Profile of XPath 1.0

From: Grosso, Paul <pgrosso@ptc.com>
Date: Mon, 6 Jun 2011 15:08:22 -0400
Message-ID: <9B2DE9094C827E44988F5ADAA6A2C5DA02EE3A07@HQ-MAIL9.ptcnet.ptc.com>
To: <public-xmlsec@w3.org>
Forwarding from XML Core to XML Signature WG.


-----Original Message-----
From: Jirka Kosek [mailto:jirka@kosek.cz] 
Sent: Tuesday, 2011 May 31 4:03
To: Grosso, Paul
Cc: public-xml-core-wg@w3.org
Subject: Re: FW: Last Call for XML Signature 2.0, Canonical XML 2.0 and XML Signature Streaming Profile of XPath 1.0

On 27.4.2011 15:37, Grosso, Paul wrote:
> The XML Core WG has been asked to review these specs 
> before the end of May.  Jirka and Norm have actions
> to do so and report back to the WG.


I spent very limited time on this and haven't time to review RELAX NG
schemas at all. Below are few issues I have found. I'm also attaching
HTML rendering.


1 XML Signature Syntax and Processing Version 2.0
* Specification uses term "XML namespace URI" instead of "namespace name"
  Although this probably doesn't create confusion, such informal term
  shouldn't appear in W3C spec. Either proper term "namespace name"
  should be used (see [http://www.w3.org/TR/xml-names/#dt-NSName]) or at
  least "XML namespace URI" should be put into Appendix A - Definitions
  and be properly defined here as a synonym of "namespace name".
* Insufficently defined context for XPath evaluation in § "10.6.1
Selection of XML Documents or Fragments"
  XPath 1.0 specification defines the following properties for context
  a node (the context node)
  a pair of non-zero positive integers (the context position and the
context size)
  a set of variable bindings
  a function library
  the set of namespace declarations in scope for the expression
  Only the context node is defined in this specification, other
  properties should be defined as well.
* Typo in § "11.3 Namespace Context and Portable Signatures"
  In addition, the Canonical XML and Canonical XML with Comments
  algorithms import all XML namespace attributes (such as *xml:lang*) from

  There shouldn't be `xml:lang', but namespace declaration attribute
like `xmlns:foo'.

  Also using entity references in examples as content of namespace
  declarations looks quite confusing.
* § "B.7.2 Base64"
  Transformation as described assumes that operates on text node --
  otherwise it will always return empty string. I'm not sure whether
  this is correct assumption. Omitting operation 1) will fix this

2 XML Signature Streaming Profile of XPath 1.0
[http://www.w3.org/2008/xmlsec/Drafts/xmldsig-xpath/] In general I don't
think it is good idea to create yet another XPath
subset. Proliferation of XPath subsetting prevents using standalone
XPath libraries when implementing various subsets of the language. If
streaming is necessary then effort should be derived from XSLT 3.0
which provides streaming facilities.

  Jirka Kosek      e-mail: jirka@kosek.cz      http://xmlguru.cz

       Professional XML consulting and training services
  DocBook customization, custom XSLT/XSL-FO document processing
 OASIS DocBook TC member, W3C Invited Expert, ISO JTC1/SC34 member

Received on Monday, 6 June 2011 19:08:54 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:55:16 UTC