
RE: FW: FW: Last Call for XML Signature 2.0, Canonical XML 2.0 and XML Signature Streaming Profile of XPath 1.0 ( LC-2488)

From: Grosso, Paul <pgrosso@ptc.com>
Date: Tue, 6 Sep 2011 14:41:28 -0400
Message-ID: <9B2DE9094C827E44988F5ADAA6A2C5DA038E8BC4@HQ-MAIL9.ptcnet.ptc.com>
To: <frederick.hirsch@nokia.com>
Cc: <public-xmlsec@w3.org>, <public-xml-core-wg@w3.org>

As I explained at
http://lists.w3.org/Archives/Public/public-xml-core-wg/2011Sep/0005

I will be offline from tomorrow through September 26, so I have taken
the liberty of making a private comment (per the above cited email).

I cannot suggest exact language, since I don't know how you want to
deal with attributes in the XML namespace like xml:id that probably
should not be "imported" (I'm not sure what "imported" means since 
a scan of the draft indicates the use in B.8 is the only use of the
otherwise undefined term).

But I'm quite sure that:

1.  you shouldn't use the term "XML namespace attributes" to refer
    to "attributes in the XML namespace", and

2.  you need to be clearer what "import" means and how you want to
    deal with at least xml:id which, I wouldn't think, you'd want
    to handle in the same way as things like xml:lang.

Apologies if I am missing something obvious; if, in my absence, the
XML Core WG disagrees with me, their opinion overrides mine.

paul

> -----Original Message-----
> From: frederick.hirsch@nokia.com [mailto:frederick.hirsch@nokia.com]
> Sent: Tuesday, 2011 September 06 13:24
> To: Grosso@jessica.w3.org; Grosso, Paul
> Cc: public-xmlsec@w3.org
> Subject: Re: FW: FW: Last Call for XML Signature 2.0, Canonical XML 2.0
> and XML Signature Streaming Profile of XPath 1.0 ( LC-2488)
> 
> 
>  Dear Grosso, Paul ,
> 
> The XML Security Working Group has reviewed the comments you sent [1] on
> the Last Call Working Draft [2] of the XML Signature Syntax and Processing
> Version 2.0 published on 21 Apr 2011. Thank you for having taken the
> time to review the document and to send us comments!
> 
> The Working Group's response to your comment is included below.
> 
> Please review it carefully and let us know by email at
> public-xmlsec@w3.org if you agree with it or not before 16 September 2011.
> In case of disagreement, you are requested to provide a specific solution
> for or a path to a consensus with the Working Group. If such a consensus
> cannot be achieved, you will be given the opportunity to raise a formal
> objection which will then be reviewed by the Director during the transition
> of this document to the next stage in the W3C Recommendation Track.
> 
> Thanks,
> 
> For the XML Security Working Group,
> Thomas Roessler
> W3C Staff Contact
> 
>  1. http://www.w3.org/mid/9B2DE9094C827E44988F5ADAA6A2C5DA02EE3A07@HQ-MAIL9.ptcnet.ptc.com
>  2. http://www.w3.org/TR/2011/WD-xmldsig-core2-20110421/
> 
> 
> =====
> 
> Your comment on the document as a whole:
> > 1 XML Signature Syntax and Processing Version 2.0
> >
> > http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/
> >
> > Specification uses term "XML namespace URI" instead of "namespace name"
> >
> > Although this probably doesn't create confusion, such informal term
> > shouldn't appear in W3C spec. Either proper term "namespace name" should
> > be used (see http://www.w3.org/TR/xml-names/#dt-NSName) or at least "XML
> > namespace URI" should be put into Appendix A - Definitions and be
> > properly defined here as a synonym of "namespace name".
> >
> > Insufficiently defined context for XPath evaluation in "10.6.1
> > Selection of XML Documents or Fragments"
> > XPath 1.0 specification defines the following properties for context
> > a node (the context node)
> > a pair of non-zero positive integers (the context position and the
> > context size)
> > a set of variable bindings
> > a function library
> > the set of namespace declarations in scope for the expression
> >
> > Only the context node is defined in this specification, other
> > properties should be defined as well.
> >
> > Typo in "11.3 Namespace Context and Portable Signatures"
> > In addition, the Canonical XML and Canonical XML with Comments
> > algorithms import all XML namespace attributes (such as xml:lang) from
> > the…
> > There shouldn't be xml:lang, but namespace declaration attribute like
> > xmlns:foo.
> >
> > Also using entity references in examples as content of namespace
> > declarations looks quite confusing.
> >
> > "B.7.2 Base64"
> > Transformation as described assumes that operates on text node --
> > otherwise it will always return empty string. I'm not sure whether this
> > is correct assumption. Omitting operation 1) will fix this problem
> 
> 
> Working Group Resolution (LC-2488):
> Details of XML Security WG response (and corresponding changes) is here:
> http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0026.html
> 
> ----
> 
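
The difference between xml:id and xml:lang that the message points to, as an added example (not part of the e-mail or of the drafts): a simplified model of copying attributes in the XML namespace from ancestors onto the apex of a subtree that is serialized on its own. The sample document, the function names and the `not_inherited` parameter are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

XML_NS = "http://www.w3.org/XML/1998/namespace"  # namespace name bound to the xml: prefix

# Constructed sample document (not taken from the thread or the drafts).
DOC = (
    '<doc xml:id="top" xml:lang="en">'
    '<section xml:lang="fr" xml:space="preserve"><para>signed text</para></section>'
    '</doc>'
)


def apex_xml_attrs(xml_text, tag, not_inherited=()):
    """Return the xml:* attributes the apex element `tag` ends up with when the
    subtree rooted at it is serialized on its own.

    Simplified model: attributes in the XML namespace are copied from ancestors,
    nearest ancestor first, unless the apex already carries the same attribute
    or the local name is listed in `not_inherited` (hypothetical parameter).
    """
    root = ET.fromstring(xml_text)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    apex = root if root.tag == tag else root.find(".//" + tag)
    if apex is None:
        raise ValueError("no element named %r" % tag)

    prefix = "{" + XML_NS + "}"
    result = {k[len(prefix):]: v for k, v in apex.attrib.items() if k.startswith(prefix)}
    node = parent_of.get(apex)
    while node is not None:
        for name, value in node.attrib.items():
            if name.startswith(prefix):
                local = name[len(prefix):]
                if local not in not_inherited:
                    result.setdefault(local, value)  # nearest ancestor wins
        node = parent_of.get(node)
    return {"xml:" + local: value for local, value in result.items()}


def compare(tag="para"):
    """Contrast 'import everything' with 'treat xml:id as non-inheritable'."""
    return {
        "import_all": apex_xml_attrs(DOC, tag),
        "skip_xml_id": apex_xml_attrs(DOC, tag, not_inherited=("id",)),
    }


if __name__ == "__main__":
    for policy, attrs in compare().items():
        print(policy, attrs)
```

With everything imported, `para` acquires the `xml:id` that identifies `doc`, so two elements would claim the same ID, while the inherited `xml:lang` and `xml:space` still describe `para` correctly.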

Received on Tuesday, 6 September 2011 18:41:57 GMT
