XMLE Review: xmlp wg comments to XMLE/Canonicalization WDs from David Orchard on 2001-12-07 (xml-dist-app@w3.org from December 2001)

From: David Orchard <dorchard@bea.com>
Date: Fri, 7 Dec 2001 12:53:02 -0800
To: <xml-dist-app@w3.org>
Message-ID: <001b01c17f61$2a197030$6c0ba8c0@beasys.com>

I'd like to gather comments from xmlp members for the XMLE[1] and
canonicalization WD[2]

My comments from July[3], and I believe are still not addressed.  My
comments are around the usage scenarios of SOAP with XMLE, and the
processing model under validation and transformation.  Because XMLE provides
a schema, it presumably must be used by an XML Schema validator.  But there
is no treatment for how a document author of the unencrypted content or
schema should use the XMLE schema - especially given that XMLE content will
be inside SOAP elements.

In general, my comments are not SOAP specific.  The same questions arise
when retrieving a document with XMLE content whether it be SOAP or foo
encoded.  I suggest that the XMLE group should provide documentation that
describes the expected processing and validation model for documents
containing XMLE content.  While section 4 of [1] describes detailed element
processing, perhaps a new section describing message/document processing
would be useful, eg. "4.4 Complete message processing model".  I'm not sure
whether it should be normative or non-normative, though I lean to
non-normative.  Perhaps another option - though I'm not in favour of it -
would be to have a separate document published by XMLE on the topic.

If it is true that encyrption of portions of SOAP messgaes are a primary
justification for XMLE then it seems fairly important to have at least
described the overall processing model and how it works for SOAP messages.
I suggest that treatment of an enrypted and/or signed SOAP header would be a
sufficient usage scenario that would satisfy other non-soap applications.

This would certainly help for groups that have publicly stated intensions of
use SOAP and XMLE, such as OASIS SAML.

Cheers,
Dave

[1] http://lists.w3.org/Archives/Member/chairs/2001OctDec/0014.html
[2] http://lists.w3.org/Archives/Member/chairs/2001OctDec/0034.html
[3] http://lists.w3.org/Archives/Public/xml-encryption/2001Jul/0019.html

Received on Friday, 7 December 2001 15:55:51 UTC