Re: Importing 1.0 while normatively referencing 1.1 ( LC-2544)

From: <Frederick.Hirsch@nokia.com>
Date: Fri, 2 Sep 2011 16:28:14 +0000
To: <mnystrom@microsoft.com>
CC: <Frederick.Hirsch@nokia.com>, <public-xmlsec@w3.org>
Message-ID: <CBB66C68-8E24-4BFA-AE52-204016D9B831@nokia.com>

I just fixed gh-example.xml to use 2010. Thanks for catching that.

regards, Frederick

Frederick Hirsch
Nokia



On Aug 31, 2011, at 10:40 AM, ext Magnus Nystrom wrote:

> Hi Frederick,
> Thanks for the quick update. A few additional comments:
> 
> - About using a late version: I just followed the link on our publication page. It takes me to the XML Encryption 1.1 recommendation dated August 30, 2011. Following the link to the schema(s) in that document takes me to the files below. In those files, all the namespace declarations are missing (e.g. there is no attribute entry like "xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"" in the schema). The XML Signature document I started from is dated 8/8 2011. Old?  Also, I don't understand what you're saying when you say we don't want to touch the XML Encryption 1.0 schema - I agree completely with this, but my point is that the 1.0 schema linked to in the 1.1 document seems different from the 1.0 schema linked to in the 1.0 TR... (and the schema in the 1.0 TR does look fine to me, does have the namespace attributes).
> 
> Also, below you wrote:
> 
>> changing
>>  xmlns:ghc="http://www.w3.org/2009/xmlsec-gh#">
>> to
>>  xmlns:ghc="http://www.w3.org/2009/xmlsec-ghc#">
> 
> I assume you meant "2010" for the latter?
> 
> -- Magnus
> 
> 
>> -----Original Message-----
>> From: Frederick.Hirsch@nokia.com [mailto:Frederick.Hirsch@nokia.com]
>> Sent: Wednesday, August 31, 2011 5:42 AM
>> To: Magnus Nystrom
>> Cc: Frederick.Hirsch@nokia.com; public-xmlsec@w3.org
>> Subject: Re: Importing 1.0 while normatively referencing 1.1 ( LC-2544)
>> 
>> Magnus
>> 
>> I have checked in gh-example.xml, making the additional correction, changing
>> 
>>  xmlns:ghc="http://www.w3.org/2009/xmlsec-gh#">
>> 
>> to
>> 
>>  xmlns:ghc="http://www.w3.org/2009/xmlsec-ghc#">
>> 
>> comments inline below regarding other items
>> 
>> Thanks for the careful review.
>> 
>> (It would help if you can get cvs access Magnus,  please ask Thomas.)
>> 
>> regards, Frederick
>> 
>> Frederick Hirsch
>> Nokia
>> 
>> 
>> 
>> On Aug 31, 2011, at 12:00 AM, ext Magnus Nystrom wrote:
>> 
>>> Makoto wrote:
>>> 
>>>> I have to revisit this issue, since a test document gh-example.xml
>>>> (in the directory "xml encryption test files") has
>>> 
>>>> <ds:KeyInfo>
>>>>  <dsig11:ECKeyValue>
>>>>     <dsig11:NamedCurve URI="urn:oid:1.2.840.10045.3.1.7"/>
>>>>    <dsig11:PublicKey>DEADBEEF</dsig11:PublicKey>
>>>>  </dsig11:ECKeyValue>
>>>> </ds:KeyInfo>
>>> 
>>>> To validate this ECKeyValue element, we need the schema for Signature 1.1.
>>> 
>>>> But this example document might be simply incorrect.  I see other
>>>> errors such as
>>> 
>>>>  Algorithm="http://www.w3.org/2009/xmlenc11#GenericHybridCipher"
>>> 
>>>> which is not a valid algorithm identifier.  Is my copy obsolete?
>>> 
>>> It may be, I have attached a corrected version to this email. Maybe you can upload it, Frederick?
>>> In addition, I found the following apparent inconsistencies in our schema and example documents while verifying this example:
>>> 
>>> 1. Our xmldsig11-schema.xsd currently begins:
>>> 
>>> <schema
>>>  targetNamespace="http://www.w3.org/2009/xmldsig11#"
>>>  version="0.1"
>>>  elementFormDefault="qualified">
>>> 
>>> Should it not be:
>>> 
>>> <?xml version="1.0" encoding="utf-8"?>
>>> 
>>> <schema
>>>  xmlns="http://www.w3.org/2001/XMLSchema"
>>>  xmlns:dsig11="http://www.w3.org/2009/xmldsig11#"
>>>  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>>>  targetNamespace="http://www.w3.org/2009/xmldsig11#"
>>>  version="0.1"
>>>  elementFormDefault="qualified">
>> 
>> [fh] We have the corrected version checked in, looking at the
>> xmldsig11-schema.xsd file that is currently checked in the xmldsig-core-11
>> directory. I also see it in the version linked from the latest publication.
>> 
>> You must be looking at an old or incorrect version Magnus, perhaps a cvs update
>> is required.
>> 
>> I agree we want the latter.
>> 
>> 
>>> 
>>> ? (Note the addition of the xmlns: definitions in addition to the xml
>>> version element)
>>> 
>>> 2. I also wonder about the use of 'version="0.1"' above - should it not be 'version="1.0"'?
>> 
>> [fh]  I think so, not sure why we have 0.1, looks like an error. Others?
>> 
>>> 
>>> 3. Similarly as 1., above, shouldn't the XML Encryption 1.1 schema linked to in the XML Encryption 1.1 document begin with:
>>> 
>>> <?xml version="1.0" encoding="utf-8"?>
>>> 
>>> <schema
>>>  xmlns="http://www.w3.org/2001/XMLSchema"
>>>  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>>>  xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>>>  xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"
>>>  version="1.0"
>>>  targetNamespace="http://www.w3.org/2009/xmlenc11#"
>>>  elementFormDefault="qualified">
>> 
>>> 
>>> (Or is it sufficient just to import? I thought the namespace
>>> declaration had to be there too?)
>> 
>> [fh] I would expect to see the declaration, but can one of our XSD schema
>> experts answer?
>> 
>>> 
>> 
>>> 
>>> 4. Not that it matters too much, but I note that the XML Signature 1.1 schema has the schema attributes "version" and "targetNamespace" in a different order than XML Encryption 1.1 schema. For consistency it would be nicer with the same ordering.
>>> 
>> 
>> [fh]  we should probably update enc schema for consistency
>> 
>>> 5. As with 1. and 3. above, should not the GHC schema begin with:
>>> 
>>> <?xml version="1.0" encoding="utf-8"?>
>>> 
>>> <schema xmlns="http://www.w3.org/2001/XMLSchema"
>>>       xmlns:ghc="http://www.w3.org/2009/xmlsec-gh#"
>>>       xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>>>       xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"
>>>       targetNamespace="http://www.w3.org/2009/xmlsec-gh#"
>>>       version="0.1"
>>>       elementFormDefault="qualified">
>>> 
>>> ?
>>> 
>> 
>> [fh]  I think so, with version correction
>> 
>>> 6. Same comment as 4. above about the ordering of attributes "version" and "targetNamespace" ?
>> 
>> [fh] agree
>> 
>>> 
>>> 7. Same comment as 2. above regarding the GHC schema's "version='0.1'" ?
>> 
>> [fh] agree
>> 
>>> 
>>> 8. The GHC schema uses the URI .../2009/xmlsec-gh# but the algorithm identifiers in the GHC document use the URI .../2001/xmlsec-ghc#... While not formally an error, I suggest switching to the latter also for the schema URI in which case the example within the GHC document becomes correct.
>> 
>> [fh] I think we should go with the ghc version, any disagreement?
>> 
>>> 
>>> 9. The XML Encryption 1.0 schema linked to in our XML Encryption 1.1 document is not the same as the one linked to in the XML Encryption 1.0 TR. The schema linked to in the TR does contain the namespace declarations and the introductory <?xml version=...> element. Should they not be the same?
>> 
>> [fh] here I suspect we don't want them to be the same, I don't think we want to
>> touch the 1.0 schema at all, while benign updates to 1.1 are probably ok
>> 
>>> 
>>> 10. The enc-example.xml linked to in Section 9.1 in XML Encryption 1.1 is not a valid example. I suggest instead using one of our derived key examples (they are in the interop Wiki).
>> 
>> [fh] Can you please provide an update?
>> 
>>> 
>>> 11. In XML Signature 1.1, the "Schema Driver" schema also uses "version=0.1"...
>> 
>> [fh] I suspect someone thought we'd update it to 1.0 once ready to progress...
>> 
>> We should also update copyrights on all the schema files as Makoto suggested.
>> I'll send a separate email on that.
>>> 
>>> Best,
>>> -- Magnus
>>> 
>>> 2011/8/19 MURATA Makoto <eb2m-mrt@asahi-net.or.jp>:
>>>> Agreed.  Thanks.
>>>> 
>>>> Regards,
>>>> Makoto
>>>> 
>>>> 2011/8/17  <frederick.hirsch@nokia.com>:
>>>>> 
>>>>> Dear MURATA Makoto ,
>>>>> 
>>>>> The XML Security Working Group has reviewed the comments you sent
>>>>> [1] on the Last Call Working Draft [2] of the XML Encryption Syntax
>>>>> and Processing Version 1.1 published on 13 May 2010. Thank you for
>>>>> having taken the time to review the document and to send us comments!
>>>>> 
>>>>> The Working Group's response to your comment is included below.
>>>>> 
>>>>> Please review it carefully and let us know by email at
>>>>> public-xmlsec@w3.org if you agree with it or not before 22 August
>>>>> 2011. In case of disagreement, you are requested to provide a
>>>>> specific solution for or a path to a consensus with the Working
>>>>> Group. If such a consensus cannot be achieved, you will be given the
>>>>> opportunity to raise a formal objection which will then be reviewed
>>>>> by the Director during the transition of this document to the next stage in
>>>>> the W3C Recommendation Track.
>>>>> 
>>>>> Thanks,
>>>>> 
>>>>> For the XML Security Working Group,
>>>>> Thomas Roessler
>>>>> W3C Staff Contact
>>>>> 
>>>>> 1. http://www.w3.org/mid/CALvn5EAQnAT-i4xB0HV+29ta0fp=ijcg77BfofM3o1x44U0jQg@mail.gmail.com
>>>>> 2. http://www.w3.org/TR/2010/WD-xmlenc-core1-20100513/
>>>>> 
>>>>> 
>>>>> =====
>>>>> 
>>>>> Your comment on 9.1 XSD Schema XML Encryption Core Schema Instance
>>>>> xenc-sc...:
>>>>>> xenc-schema-11.xsd does not import xmldsig11-schema.xsd but rather
>>>>>> imports xmldsigschema.xsd.  However, XML Encryption 1.1 normatively
>>>>>> references XML Signature 1.1 rather than 1.0.
>>>>>> Which is correct?
>>>>> 
>>>>> 
>>>>> Working Group Resolution (LC-2544):
>>>>> The working group decided to not make any change here as
>>>>> xenc-schema-11.xsd does not require any definitions from
>>>>> xmldsig-11-schema.xsd. All that is required is ds:DigestMethod from
>>>>> xmldsigschmema.xsd; so the current inclusion is correct and does not
>>>>> include unnecessary material.
>>>>> 
>>>>> Thus the schema import is correct as is the normative reference to
>>>>> XML Signature 1.1 (e.g. to pick up normative changes that are not
>>>>> necessarily reflected by schema changes)
>>> 
>>> <gh-example-corrected.xml>
>> 
> 
Received on Friday, 2 September 2011 16:28:53 GMT
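
Added example, not part of the archived message or of the working group's files: item 3 of the thread asks whether an import is sufficient or the namespace declaration has to be there too. An import only makes another namespace's components available; a QName such as dsig11:ECKeyValueType is still resolved through the in-scope xmlns declarations, and without the default xmlns the root is not an XML Schema element at all. The Python check below runs over the two header variants quoted in item 1; the import and element lines in the body are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET

XSD_NS = "http://www.w3.org/2001/XMLSchema"
QNAME_ATTRS = ("type", "ref", "base")  # XSD attributes whose values are QNames

def check_schema(xsd_text):
    """Return namespace problems in an XSD document (empty list if none)."""
    problems, scopes, pending = [], [], {}
    stream = io.BytesIO(xsd_text.encode("utf-8"))
    for event, data in ET.iterparse(stream, events=("start-ns", "start", "end")):
        if event == "start-ns":          # declaration on the element about to open
            pending[data[0]] = data[1]
        elif event == "start":
            scope = dict(scopes[-1]) if scopes else {}
            scope.update(pending)
            pending = {}
            if not scopes and data.tag != "{%s}schema" % XSD_NS:
                problems.append("root element is not in the XML Schema namespace")
            scopes.append(scope)
            for attr in QNAME_ATTRS:
                value = data.get(attr, "")
                prefix, sep, _ = value.partition(":")
                if sep and prefix not in scope:
                    problems.append("undeclared prefix %r in %s=%r" % (prefix, attr, value))
        else:                            # "end": leave this element's scope
            scopes.pop()
    return problems

# Constructed samples: the two header variants from item 1, each followed by
# one import and one element declaration so there is a QName to resolve.
BODY = """
  <import namespace="http://www.w3.org/2000/09/xmldsig#"/>
  <element name="ECKeyValue" type="dsig11:ECKeyValueType"/>
</schema>"""
WITHOUT_XMLNS = """<schema
  targetNamespace="http://www.w3.org/2009/xmldsig11#"
  version="0.1"
  elementFormDefault="qualified">""" + BODY
WITH_XMLNS = """<?xml version="1.0" encoding="utf-8"?>
<schema
  xmlns="http://www.w3.org/2001/XMLSchema"
  xmlns:dsig11="http://www.w3.org/2009/xmldsig11#"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  targetNamespace="http://www.w3.org/2009/xmldsig11#"
  version="0.1"
  elementFormDefault="qualified">""" + BODY

if __name__ == "__main__":
    print(check_schema(WITHOUT_XMLNS), check_schema(WITH_XMLNS))
```

The check only looks at namespace binding; it does not validate the schema itself or fetch any imported file.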
