- From: Paul Cotton <Paul.Cotton@microsoft.com>
- Date: Wed, 18 Oct 2006 16:30:21 -0700
- To: "Grosso, Paul" <pgrosso@ptc.com>, "public-xml-core-wg@w3.org" <public-xml-core-wg@w3.org>
- CC: "public-ws-policy@w3.org" <public-ws-policy@w3.org>
> Our email to you was a suggestion that you might want > to review the latest C14N related WDs. >ACTION-127 review C14N/1.1 WD on behalf of the WG http://www.w3.org/2005/06/tracker/wspolicy/actions/127 I volunteered to do a review on behalf of the WS-Policy WG. I have no technical comments on the C14N related WDs. I believe they correctly describe the problems caused by xml:base and xml:id to C14N and offer some interesting solutions. Personal I think it will be interesting to see if these solutions can be turned into Normative text and how long the industry takes to adopt them. Until such time I believe that many specs will avoid using xml:id as the only ID attribute. /paulc Paul Cotton, Microsoft Canada 17 Eleanor Drive, Ottawa, Ontario K2E 6A3 Tel: (613) 225-5445 Fax: (425) 936-7329 mailto:Paul.Cotton@microsoft.com > -----Original Message----- > From: Grosso, Paul [mailto:pgrosso@ptc.com] > Sent: October 11, 2006 12:04 PM > To: Paul Cotton; public-xml-core-wg@w3.org > Cc: public-ws-policy@w3.org > Subject: RE: New C14N/1.1 WD and Web Services Policy 1.5 - Framework (ed. > copy) > > Our email to you was a suggestion that you might want > to review the latest C14N related WDs. > > As such, we made no comment for you to dispose, so we > have no reply to your request to let you know if we > agree with anything. > > Should we take your message as a review of the C14N 1.1 > WD? If so, I'm not sure if there is a comment herein > for us to dispose, but in case there is, we thank you > for your comment, and we plan no changes to the drafts > as a result of your review. > > Please let us know if you agree with this disposition of > your comment. > > paul > > > -----Original Message----- > > From: Paul Cotton [mailto:Paul.Cotton@microsoft.com] > > Sent: Wednesday, 2006 October 04 11:59 > > To: jose.kahan@w3.org > > Cc: public-ws-policy@w3.org > > Subject: RE: New C14N/1.1 WD and Web Services Policy 1.5 - > > Framework (ed. copy) > > > > The WS-Policy WG has reviewed your email and we believe the > > heart of the XML Core WG proposal is in the following paragraph: > > > > > You may wish to apply the procedure described in Section 2.2 of the > > > dsig-usage note [2] to apply a C14N/1.1 transformation. This could > > > help you avoid having to define an alternate xml:id attribute. > > > > The WS-Policy WG does NOT want to remove the usage of wsu:id > > from our specification due to the following three reasons: > > > > a) Support for wsu:id must not be removed since our charter > > strongly urges backwards compatibility with existing policy > > assertions in: > > "Web Services Policy should remain compatible with existing > > policy assertions and offer a smooth migration path for these > > assertions (where applicable)." > > > > b) Support for wsu:id must not be removed since it is > > unlikely that WS-Policy CR implementations will include > > support for xml:id, C14N/1.1 and/or the as yet to be started > > revised version of XML DSig. > > > > c) Support for wsu:id must not be removed since it is > > premature to normatively depend on C14N/1.1 or the dsig-usage > > Note since they have not yet proceeded through CR and the > > proposed W3C XML DSig revision work has not yet begun > > (although it is proposed). > > > > The WS-Policy WG is willing to add non-normative references > > to the C14N/1.1 WD and the dsig-usage Note as guidance to how > > the problems with xml:id MAY be solved. > > > > Please let us know if you agree with this disposition of your comment. > > > > /paulc > > For the WS-Policy WG > > > > Paul Cotton, Microsoft Canada > > 17 Eleanor Drive, Ottawa, Ontario K2E 6A3 > > Tel: (613) 225-5445 Fax: (425) 936-7329 > > mailto:Paul.Cotton@microsoft.com > > > > > > > > > > > > > -----Original Message----- > > > From: public-ws-policy-request@w3.org [mailto:public-ws-policy- > > > request@w3.org] On Behalf Of Jose Kahan > > > Sent: September 20, 2006 11:35 AM > > > To: public-ws-policy@w3.org > > > Subject: New C14N/1.1 WD and Web Services Policy 1.5 - > > Framework (ed. > > > copy) > > > > > > > > > Hello, > > > > > > I'm writing on behalf of the XML-Core Working Group. We'd > > like to bring to > > > your attention that we have published three C14N related > > documents and > > > welcome > > > review to them [1]. > > > > > > Specifically, there is a new Working Draft for C14N/1.1 > > that takes into > > > account different issues related to C14N and the evolution > > of XML core > > > technologies, including xml:id. > > > > > > In parallel, W3C is working on a charter for a new W3C > > Working Group that > > > would have task of making an editorial revision of XML > > Signature to make > > > mandatory the use of C14N/1.1, thus making it possible to > > correctly take > > > into > > > documents that include xml:id attributes. See the related > > dsig-usage note > > > [2] and the thread on the w3c-ietf-xmldsig mailing list [3]. > > > > > > In particular, this work should solve the problem you describe in > > > Section 4.2 of the recent Editor's Draft for the Web > > Services Policy 1.5 - > > > Framework [4]: > > > > > > <quote> > > > > > > /wsp:Policy/(@wsu:Id | @xml:id) > > > > > > The identity of the policy expression as an ID within the > > enclosing XML > > > document. If omitted, there is no implied value. To refer > > to this policy > > > expression, an IRI-reference MAY be formed using this > > value per Section > > > 4.2 of WS-Security [WS-Security 2004] when @wsu:Id is used. > > > > > > The use of xml:id attribute in conjunction with Canonical XML 1.0 is > > > inappropriate as described in Appendix C of xml:id Version > > 1.0 [XML ID] > > > and thus this combination must be avoided (see [C14N 1.0 Note]). For > > > example, a policy expression identified using xml:id > > attribute should not > > > be signed using XML Digital Signature when Canonical XML > > 1.0 is being used > > > as the canonicalization method. > > > > > > </quote> > > > > > > You may wish to apply the procedure described in Section 2.2 of the > > > dsig-usage note [2] to apply a C14N/1.1 transformation. > > This could help > > > you avoid having to define an alternate xml:id attribute. > > > > > > You can send comments related to the C14N drafts to the following > > > public-archived list: > > > > > > www-xml-canonicalization-comments@w3.org > > > > > > Best regards, > > > > > > -jose > > > > > > [1] > > > > > http://www.w3.org/2002/02/mid/CF83BAA719FD2C439D25CBB1C9D1D302 > > 04ABFCD3@HQ- > > > MAIL4.ptcnet.ptc.com > > > > > > [2] http://www.w3.org/TR/2006/WD-DSig-usage-20060915/ > > > > > > [3] > > > > > http://www.w3.org/2002/02/mid/20060918163151.GO2766@raktajino. > > does-not- > > > exist.org > > > > > > [4] > > > http://dev.w3.org/cvsweb/~checkout~/2006/ws/policy/ws-policy- > > > > > framework.html?content-type=text/html;charset=utf-8#Policy_Ide > > ntification > > > > > >
Received on Wednesday, 18 October 2006 23:30:47 UTC