RE: Last Call for XML Signature 2.0, Canonical XML 2.0 and XML Signature Streaming Profile of XPath 1.0 from Grosso, Paul on 2011-06-20 (public-xml-core-wg@w3.org from June 2011)

From: Grosso, Paul <pgrosso@ptc.com>
Date: Mon, 20 Jun 2011 13:00:26 -0400
To: <public-xml-core-wg@w3.org>
Message-ID: <9B2DE9094C827E44988F5ADAA6A2C5DA0307BB5F@HQ-MAIL9.ptcnet.ptc.com>
Jirka and others,

The XML Sig WG wants to know if we accept their response to one
of the comments we submitted.

I believe the crux is that Jirka questioned the need for another
XPath subset.  The XML Sig WG:

> ... discussed the rationale for an additional profile at the 2010 TPAC
> and Pratik has sent a message in response to this comment, see
> http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0013.html

So the question is whether we accept this response and, if not, what
we want to suggest to resolve the issue.

thoughts?

paul

> -----Original Message-----
> From: public-xml-core-wg-request@w3.org [mailto:public-xml-core-wg-
> request@w3.org] On Behalf Of Grosso, Paul
> Sent: Tuesday, 2011 June 14 15:48
> To: public-xml-core-wg@w3.org
> Subject: FW: Last Call for XML Signature 2.0, Canonical XML 2.0 and XML
> Signature Streaming Profile of XPath 1.0
> 
> 
> 
> -----Original Message-----
> From: Frederick.Hirsch@nokia.com [mailto:Frederick.Hirsch@nokia.com]
> Sent: Tuesday, 2011 June 14 14:50
> To: Grosso, Paul; jirka@kosek.cz
> Cc: Frederick.Hirsch@nokia.com; public-xmlsec@w3.org
> Subject: Re: Last Call for XML Signature 2.0, Canonical XML 2.0 and XML
> Signature Streaming Profile of XPath 1.0
> 
> Paul, Jirka
> 
> Thank you for the comments from the XML Core WG on the XML Security 2.0
> Last Call drafts.
> 
> (1) I have entered the comments on XML Signature 2.0 into Tracker as
> Last Call comments LC-2488.  The WG is reviewing these comments.
> 
> http://www.w3.org/2006/02/lc-comments-tracker/42458/WD-xmldsig-core2-
> 20110421/2488
> 
> (2) I have entered the comments on XML Signature Streaming Profile of
> XPath 1.0 into Tracker as Last Call comments LC-2489
> 
> http://www.w3.org/2006/02/lc-comments-tracker/42458/WD-xmldsig-xpath-
> 20110421/2489
> 
> We discussed the rationale for an additional profile at the 2010 TPAC
> and Pratik has sent a message in response to this comment, see
> http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0013.html
> (recorded with LC-2489).
> 
> This should resolve this second issue so I will send  a message from
> tracker asking for agreement on the resolution to keep the profile for
> the reasons stated (I have entered Paul as the submitter of the issues
> so the mail will be addressed to Paul. If you  (on behalf of XML Core
> and Jirka) agree with our argument can you please respond that the
> resolution is accepted,  including the public xml security list, we can
> then formally close the second issue. If not, we will need to be more
> concrete on next steps to address the issues Pratik noted.
> 
> Thanks
> 
> regards, Frederick
> 
> Frederick Hirsch, Nokia
> Chair XML Security WG
> 
> 
> 
> On Jun 6, 2011, at 3:08 PM, ext Grosso, Paul wrote:
> 
> > Forwarding from XML Core to XML Signature WG.
> >
> > paul
> >
> > -----Original Message-----
> > From: Jirka Kosek [mailto:jirka@kosek.cz]
> > Sent: Tuesday, 2011 May 31 4:03
> > To: Grosso, Paul
> > Cc: public-xml-core-wg@w3.org
> > Subject: Re: FW: Last Call for XML Signature 2.0, Canonical XML 2.0
> and XML Signature Streaming Profile of XPath 1.0
> >
> > On 27.4.2011 15:37, Grosso, Paul wrote:
> >> The XML Core WG has been asked to review these specs
> >> before the end of May.  Jirka and Norm have actions
> >> to do so and report back to the WG.
> >
> > Hi,
> >
> > I spent very limited time on this and haven't time to review RELAX NG
> > schemas at all. Below are few issues I have found. I'm also attaching
> > HTML rendering.
> >
> > 				Jirka
> >
> > 1 XML Signature Syntax and Processing Version 2.0
> > --------------------------------------------------
> > [http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/]
> > * Specification uses term "XML namespace URI" instead of "namespace
> name"
> >  Although this probably doesn't create confusion, such informal term
> >  shouldn't appear in W3C spec. Either proper term "namespace name"
> >  should be used (see [http://www.w3.org/TR/xml-names/#dt-NSName]) or
> at
> >  least "XML namespace URI" should be put into Appendix A -
> Definitions
> >  and be properly defined here as a synonym of "namespace name".
> > * Insufficently defined context for XPath evaluation in § "10.6.1
> > Selection of XML Documents or Fragments"
> >  XPath 1.0 specification defines the following properties for context
> >  ORG-BLOCKQUOTE-START
> >  a node (the context node)
> >  a pair of non-zero positive integers (the context position and the
> > context size)
> >  a set of variable bindings
> >  a function library
> >  the set of namespace declarations in scope for the expression
> >  ORG-BLOCKQUOTE-END
> >  Only the context node is defined in this specification, other
> >  properties should be defined as well.
> > * Typo in § "11.3 Namespace Context and Portable Signatures"
> >  In addition, the Canonical XML and Canonical XML with Comments
> >  algorithms import all XML namespace attributes (such as *xml:lang*)
> from
> >  the...
> >
> >  There shouldn't be `xml:lang', but namespace declaration attribute
> > like `xmlns:foo'.
> >
> >  Also using entity references in examples as content of namespace
> >  declarations looks quite confusing.
> > * § "B.7.2 Base64"
> >  Transformation as described assumes that operates on text node --
> >  otherwise it will always return empty string. I'm not sure whether
> >  this is correct assumption. Omitting operation 1) will fix this
> >  problem.
> >
> > 2 XML Signature Streaming Profile of XPath 1.0
> > -----------------------------------------------
> > [http://www.w3.org/2008/xmlsec/Drafts/xmldsig-xpath/] In general I
> don't
> > think it is good idea to create yet another XPath
> > subset. Proliferation of XPath subsetting prevents using standalone
> > XPath libraries when implementing various subsets of the language. If
> > streaming is necessary then effort should be derived from XSLT 3.0
> > which provides streaming facilities.
> >
> >
> >
> > --
> > ------------------------------------------------------------------
> >  Jirka Kosek      e-mail: jirka@kosek.cz      http://xmlguru.cz
> > ------------------------------------------------------------------
> >       Professional XML consulting and training services
> >  DocBook customization, custom XSLT/XSL-FO document processing
> > ------------------------------------------------------------------
> > OASIS DocBook TC member, W3C Invited Expert, ISO JTC1/SC34 member
> > ------------------------------------------------------------------
> > <xmldsig-review-2011-05-31.html><signature.asc>
>
Received on Monday, 20 June 2011 17:01:51 UTC