RE: New C14N/1.1 WD and Web Services Policy 1.5 - Framework (ed. copy)

> Our email to you was a suggestion that you might want
> to review the latest C14N related WDs.

>ACTION-127 review C14N/1.1 WD on behalf of the WG
http://www.w3.org/2005/06/tracker/wspolicy/actions/127

I volunteered to do a review on behalf of the WS-Policy WG.

I have no technical comments on the C14N related WDs.

I believe they correctly describe the problems caused by xml:base and xml:id to C14N and offer some interesting solutions.

Personal I think it will be interesting to see if these solutions can be turned into Normative text and how long the industry takes to adopt them.  Until such time I believe that many specs will avoid using xml:id  as the only ID attribute.

/paulc

Paul Cotton, Microsoft Canada
17 Eleanor Drive, Ottawa, Ontario K2E 6A3
Tel: (613) 225-5445 Fax: (425) 936-7329
mailto:Paul.Cotton@microsoft.com





> -----Original Message-----
> From: Grosso, Paul [mailto:pgrosso@ptc.com]
> Sent: October 11, 2006 12:04 PM
> To: Paul Cotton; public-xml-core-wg@w3.org
> Cc: public-ws-policy@w3.org
> Subject: RE: New C14N/1.1 WD and Web Services Policy 1.5 - Framework (ed.
> copy)
>
> Our email to you was a suggestion that you might want
> to review the latest C14N related WDs.
>
> As such, we made no comment for you to dispose, so we
> have no reply to your request to let you know if we
> agree with anything.
>
> Should we take your message as a review of the C14N 1.1
> WD?  If so, I'm not sure if there is a comment herein
> for us to dispose, but in case there is, we thank you
> for your comment, and we plan no changes to the drafts
> as a result of your review.
>
> Please let us know if you agree with this disposition of
> your comment.
>
> paul
>
> > -----Original Message-----
> > From: Paul Cotton [mailto:Paul.Cotton@microsoft.com]
> > Sent: Wednesday, 2006 October 04 11:59
> > To: jose.kahan@w3.org
> > Cc: public-ws-policy@w3.org
> > Subject: RE: New C14N/1.1 WD and Web Services Policy 1.5 -
> > Framework (ed. copy)
> >
> > The WS-Policy WG has reviewed your email and we believe the
> > heart of the XML Core WG proposal is in the following paragraph:
> >
> > > You may wish to apply the procedure described in Section 2.2 of the
> > > dsig-usage note [2] to apply a C14N/1.1 transformation. This could
> > > help you avoid having to define an alternate xml:id attribute.
> >
> > The WS-Policy WG does NOT want to remove the usage of wsu:id
> > from our specification due to the following three reasons:
> >
> > a) Support for wsu:id must not be removed since our charter
> > strongly urges backwards compatibility with existing policy
> > assertions in:
> > "Web Services Policy should remain compatible with existing
> > policy assertions and offer a smooth migration path for these
> > assertions (where applicable)."
> >
> > b) Support for wsu:id must not be removed since it is
> > unlikely that WS-Policy CR implementations will include
> > support for xml:id, C14N/1.1 and/or the as yet to be started
> > revised version of XML DSig.
> >
> > c) Support for wsu:id must not be removed since it is
> > premature to normatively depend on C14N/1.1 or the dsig-usage
> > Note since they have not yet proceeded through CR and the
> > proposed W3C XML DSig revision work has not yet begun
> > (although it is proposed).
> >
> > The WS-Policy WG is willing to add non-normative references
> > to the C14N/1.1 WD and the dsig-usage Note as guidance to how
> > the problems with xml:id MAY be solved.
> >
> > Please let us know if you agree with this disposition of your comment.
> >
> > /paulc
> > For the WS-Policy WG
> >
> > Paul Cotton, Microsoft Canada
> > 17 Eleanor Drive, Ottawa, Ontario K2E 6A3
> > Tel: (613) 225-5445 Fax: (425) 936-7329
> > mailto:Paul.Cotton@microsoft.com
> >
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: public-ws-policy-request@w3.org [mailto:public-ws-policy-
> > > request@w3.org] On Behalf Of Jose Kahan
> > > Sent: September 20, 2006 11:35 AM
> > > To: public-ws-policy@w3.org
> > > Subject: New C14N/1.1 WD and Web Services Policy 1.5 -
> > Framework (ed.
> > > copy)
> > >
> > >
> > > Hello,
> > >
> > > I'm writing on behalf of the XML-Core Working Group. We'd
> > like to bring to
> > > your attention that we have published three C14N related
> > documents and
> > > welcome
> > > review to them [1].
> > >
> > > Specifically, there is a new Working Draft for C14N/1.1
> > that takes into
> > > account different issues related to C14N and the evolution
> > of XML core
> > > technologies, including xml:id.
> > >
> > > In parallel, W3C is working on a charter for a new W3C
> > Working Group that
> > > would have task of making an editorial revision of XML
> > Signature to make
> > > mandatory the use of C14N/1.1, thus making it possible to
> > correctly take
> > > into
> > > documents that include xml:id attributes. See the related
> > dsig-usage note
> > > [2] and the thread on the w3c-ietf-xmldsig mailing list [3].
> > >
> > > In particular, this work should solve the problem you describe in
> > > Section 4.2 of the recent Editor's Draft for the Web
> > Services Policy 1.5 -
> > > Framework [4]:
> > >
> > > <quote>
> > >
> > > /wsp:Policy/(@wsu:Id | @xml:id)
> > >
> > > The identity of the policy expression as an ID within the
> > enclosing XML
> > > document. If omitted, there is no implied value. To refer
> > to this policy
> > > expression, an IRI-reference  MAY be formed using this
> > value per Section
> > > 4.2 of WS-Security [WS-Security 2004] when @wsu:Id is used.
> > >
> > > The use of xml:id attribute in conjunction with Canonical XML 1.0 is
> > > inappropriate as described in Appendix C of xml:id Version
> > 1.0 [XML ID]
> > > and thus this combination must be avoided (see [C14N 1.0 Note]). For
> > > example, a policy expression identified using xml:id
> > attribute should not
> > > be signed using XML Digital Signature when Canonical XML
> > 1.0 is being used
> > > as the canonicalization method.
> > >
> > > </quote>
> > >
> > > You may wish to apply the procedure described in Section 2.2 of the
> > > dsig-usage note [2] to apply a C14N/1.1 transformation.
> > This could help
> > > you avoid having to define an alternate xml:id attribute.
> > >
> > > You can send comments related to the C14N drafts to the following
> > > public-archived list:
> > >
> > >    www-xml-canonicalization-comments@w3.org
> > >
> > > Best regards,
> > >
> > > -jose
> > >
> > > [1]
> > >
> > http://www.w3.org/2002/02/mid/CF83BAA719FD2C439D25CBB1C9D1D302
> > 04ABFCD3@HQ-
> > > MAIL4.ptcnet.ptc.com
> > >
> > > [2] http://www.w3.org/TR/2006/WD-DSig-usage-20060915/
> > >
> > > [3]
> > >
> > http://www.w3.org/2002/02/mid/20060918163151.GO2766@raktajino.
> > does-not-
> > > exist.org
> > >
> > > [4]
> > > http://dev.w3.org/cvsweb/~checkout~/2006/ws/policy/ws-policy-
> > >
> > framework.html?content-type=text/html;charset=utf-8#Policy_Ide
> > ntification
> >
> >
> >

Received on Wednesday, 18 October 2006 23:30:47 UTC