Re: Last Call for XML Signature 2.0, Canonical XML 2.0 and XML Signature Streaming Profile of XPath 1.0

Paul, Jirka

Thank you for the comments from the XML Core WG on the XML Security 2.0 Last Call drafts.

(1) I have entered the comments on XML Signature 2.0 into Tracker as Last Call comments LC-2488.  The WG is reviewing these comments.

http://www.w3.org/2006/02/lc-comments-tracker/42458/WD-xmldsig-core2-20110421/2488

(2) I have entered the comments on XML Signature Streaming Profile of XPath 1.0 into Tracker as Last Call comments LC-2489

http://www.w3.org/2006/02/lc-comments-tracker/42458/WD-xmldsig-xpath-20110421/2489

We discussed the rationale for an additional profile at the 2010 TPAC and Pratik has sent a message in response to this comment, see http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0013.html (recorded with LC-2489).

This should resolve this second issue, so I will send a message from tracker asking for agreement on the resolution to keep the profile for the reasons stated (I have entered Paul as the submitter of the issues so the mail will be addressed to Paul). If you (on behalf of XML Core and Jirka) agree with our argument, can you please respond that the resolution is accepted, including the public xml security list; we can then formally close the second issue. If not, we will need to be more concrete on next steps to address the issues Pratik noted.

Thanks

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG



On Jun 6, 2011, at 3:08 PM, ext Grosso, Paul wrote:

> Forwarding from XML Core to XML Signature WG.
> 
> paul
> 
> -----Original Message-----
> From: Jirka Kosek [mailto:jirka@kosek.cz] 
> Sent: Tuesday, 2011 May 31 4:03
> To: Grosso, Paul
> Cc: public-xml-core-wg@w3.org
> Subject: Re: FW: Last Call for XML Signature 2.0, Canonical XML 2.0 and XML Signature Streaming Profile of XPath 1.0
> 
> On 27.4.2011 15:37, Grosso, Paul wrote:
>> The XML Core WG has been asked to review these specs 
>> before the end of May.  Jirka and Norm have actions
>> to do so and report back to the WG.
> 
> Hi,
> 
> I spent very limited time on this and haven't had time to review RELAX NG
> schemas at all. Below are a few issues I have found. I'm also attaching
> an HTML rendering.
> 
> 				Jirka
> 
> 1 XML Signature Syntax and Processing Version 2.0
> --------------------------------------------------
> [http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/]
> * Specification uses term "XML namespace URI" instead of "namespace name"
>  Although this probably doesn't create confusion, such an informal term
>  shouldn't appear in a W3C spec. Either the proper term "namespace name"
>  should be used (see [http://www.w3.org/TR/xml-names/#dt-NSName]) or at
>  least "XML namespace URI" should be put into Appendix A - Definitions
>  and be properly defined there as a synonym of "namespace name".
> * Insufficiently defined context for XPath evaluation in § "10.6.1
> Selection of XML Documents or Fragments"
>  XPath 1.0 specification defines the following properties for context
>    - a node (the context node)
>    - a pair of non-zero positive integers (the context position and the
>      context size)
>    - a set of variable bindings
>    - a function library
>    - the set of namespace declarations in scope for the expression
>  Only the context node is defined in this specification, other
>  properties should be defined as well.
> * Typo in § "11.3 Namespace Context and Portable Signatures"
>  In addition, the Canonical XML and Canonical XML with Comments
>  algorithms import all XML namespace attributes (such as *xml:lang*) from
>  the...
> 
>  There shouldn't be `xml:lang', but a namespace declaration attribute
> like `xmlns:foo'.
> 
>  Also using entity references in examples as content of namespace
>  declarations looks quite confusing.
> * § "B.7.2 Base64"
>  Transformation as described assumes that it operates on a text node --
>  otherwise it will always return an empty string. I'm not sure whether
>  this is a correct assumption. Omitting operation 1) will fix this
>  problem.
> 
> 2 XML Signature Streaming Profile of XPath 1.0
> -----------------------------------------------
> [http://www.w3.org/2008/xmlsec/Drafts/xmldsig-xpath/]
> In general I don't think it is a good idea to create yet another XPath
> subset. Proliferation of XPath subsetting prevents using standalone
> XPath libraries when implementing various subsets of the language. If
> streaming is necessary then effort should be derived from XSLT 3.0
> which provides streaming facilities.
> 
> 
> 
> -- 
> ------------------------------------------------------------------
>  Jirka Kosek      e-mail: jirka@kosek.cz      http://xmlguru.cz
> ------------------------------------------------------------------
>       Professional XML consulting and training services
>  DocBook customization, custom XSLT/XSL-FO document processing
> ------------------------------------------------------------------
> OASIS DocBook TC member, W3C Invited Expert, ISO JTC1/SC34 member
> ------------------------------------------------------------------
> <xmldsig-review-2011-05-31.html><signature.asc>

Received on Tuesday, 14 June 2011 19:50:49 UTC