W3C home > Mailing lists > Public > public-xmlsec@w3.org > September 2011

Re: FW: FW: Last Call for XML Signature 2.0, Canonical XML 2.0 and XML Signature Streaming Profile of XPath 1.0 ( LC-2488)

From: <frederick.hirsch@nokia.com>
Date: Tue, 06 Sep 2011 18:24:01 +0000
To: Grosso@jessica.w3.org, Paul <pgrosso@ptc.com>
Cc: public-xmlsec@w3.org
Message-Id: <E1R10JV-0007ZJ-7i@jessica.w3.org>

 Dear Grosso, Paul ,

The XML Security Working Group has reviewed the comments you sent [1] on
the Last Call Working Draft [2] of the XML Signature Syntax and Processing
Version 2.0 published on 21 Apr 2011. Thank you for having taken the time
to review the document and to send us comments!

The Working Group's response to your comment is included below.

Please review it carefully and let us know by email at
public-xmlsec@w3.org if you agree with it or not before 16 September 2011.
In case of disagreement, you are requested to provide a specific solution
for or a path to a consensus with the Working Group. If such a consensus
cannot be achieved, you will be given the opportunity to raise a formal
objection which will then be reviewed by the Director during the transition
of this document to the next stage in the W3C Recommendation Track.

Thanks,

For the XML Security Working Group,
Thomas Roessler
W3C Staff Contact

 1.
http://www.w3.org/mid/9B2DE9094C827E44988F5ADAA6A2C5DA02EE3A07@HQ-MAIL9.ptcnet.ptc.com
 2. http://www.w3.org/TR/2011/WD-xmldsig-core2-20110421/


=====

Your comment on the document as a whole:
> 1 XML Signature Syntax and Processing Version 2.0
> 
> http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/
> 
> Specification uses term "XML namespace URI" instead of "namespace name"
> 
> Although this probably doesn't create confusion, such informal term
> shouldn't appear in W3C spec. Either proper term "namespace name" should
> be used (see http://www.w3.org/TR/xml-names/#dt-NSName) or at least "XML
> namespace URI" should be put into Appendix A - Definitions and be
> properly defined here as a synonym of "namespace name".
> Insufficently defined context for XPath evaluation in  "10.6.1
> Selection of XML Documents or Fragments" 
> XPath 1.0 specification defines the following properties for context
> a node (the context node)
> a pair of non-zero positive integers (the context position and the
> context size)
> a set of variable bindings
> a function library
> the set of namespace declarations in scope for the expression
> 
> Only the context node is defined in this specification, other
> properties should be defined as well.
> 
> Typo in  "11.3 Namespace Context and Portable Signatures" 
> In addition, the Canonical XML and Canonical XML with Comments
> algorithms import all XML namespace attributes (such as xml:lang) from
> theā€¦
> There shouldn't be xml:lang, but namespace declaration attribute like
> xmlns:foo.
> 
> Also using entity references in examples as content of namespace
> declarations looks quite confusing.
> 
> "B.7.2 Base64" 
> Transformation as described assumes that operates on text node --
> otherwise it will always return empty string. I'm not sure whether this
> is correct assumption. Omitting operation 1) will fix this problem


Working Group Resolution (LC-2488):
Details of XML Security WG response (and corresponding changes) is here:
http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0026.html

----
Received on Tuesday, 6 September 2011 18:24:03 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 6 September 2011 18:24:03 GMT