- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Mon, 12 May 2008 11:05:16 -0400
- To: ext Innovimax W3C <innovimax+w3c@gmail.com>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, "XMLSec XMLSec" <public-xmlsec-maintwg@w3.org>, "ext Thomas Roessler" <tlr@w3.org>
- Message-Id: <85F4BDDD-7B8A-458D-9E01-D55973926E92@nokia.com>
Mohamed We have implemented changes to the XML Signature, Second Edition draft to address the concerns you noted. In particular we have (a) updated the C14N11 reference to reference the Recommendation (thanks for reminding us of this) [1], (b) removed the Unicode reference [2] and (c) updated the XML and Namespaces references to XML Fourth Edition and Namespaces Second edition, respectively [3][4]. Can you please take a look and confirm that these changes address all of your concerns? Thanks regards, Frederick Frederick Hirsch, Nokia Chair XML Security Specifications Maintenance WG [1] http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/ Overview.html#ref-XML-C14N11 [2] http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/ Overview.html#ref-SOAP [3] http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/ Overview.html#ref-XML [4] http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/ Overview.html#ref-XML-ns Clean version of draft without redlines is at http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/nochanges.html Explanation of changes document is at http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/explain.html On May 7, 2008, at 12:39 AM, ext Innovimax W3C wrote: > Ok so > > One last thing > > Update > [[ > XML-C14N11 > Canonical XML 1.1. W3C Proposed Recommendation. J. Boyer, G. Marcy. > 29 January 2008. > http://www.w3.org/TR/2008/PR-xml-c14n11-20080129 > ]] > to > [[ > XML-C14N11 > Canonical XML 1.1. W3C Recommendation. J. Boyer, G. Marcy. 2 May 2008. > http://www.w3.org/TR/2008/REC-xml-c14n11-20080502/ > ]] > If you may send me the whole Reference block, after update, so I > can remove my objections > > Regards, > > Mohamed > > On Wed, May 7, 2008 at 1:34 AM, Frederick Hirsch > <frederick.hirsch@nokia.com> wrote: > Mohamed > > No, not all the references are normative but the others should be > less confusing given the context. > > In future work on XML Security it sounds like it would be a good > practice to distinguish normative and informative references more > clearly. In this Second Edition PER we are attempting to minimize > changes from the first edition. > > regards, Frederick > > Frederick Hirsch > Nokia > > > > On May 6, 2008, at 6:04 PM, ext Innovimax W3C wrote: > >> Thanks, that should help >> >> But does it mean that all other references are normative ? >> >> Regards, >> >> Mohamed >> >> On Tue, May 6, 2008 at 11:30 PM, Frederick Hirsch >> <frederick.hirsch@nokia.com> wrote: >> Mohamed >> >> Thanks for providing the information regarding the Unicode >> reference in the XML Signature, Second Edition PER. >> >> We discussed this issue on today's working group call and came to >> the conclusion that we should remove the Unicode reference from >> the document [1]. This should remove the possibility of any >> misinterpretation of the reference and not raise any false >> implications. >> >> The rationale is that the reference is not normative, not referred >> to in the document, and not very precise as it refers to a web >> page and may be misinterpreted. The Working Group felt that the >> best approach is to allow the XML specification to refer to >> Unicode appropriately. >> >> This decision by the working group should close this issue. >> >> If you have any concerns please respond to this email including >> the public-xmlsec-maintwg mail address as a recipient. If we hear >> nothing we will assume that the response is acceptable, but would >> prefer an acknowledgment that this is acceptable. >> >> Thank you >> >> regards, Frederick >> >> Frederick Hirsch, Nokia >> Chair XML Security Specifications Maintenance WG >> >> [1] http://www.w3.org/2008/05/06-xmlsec-minutes.html#item08 >> >> On Apr 30, 2008, at 4:27 AM, ext Innovimax W3C wrote: >> >>> Sure, the problem is consistency between the Unicode version >>> Referenced in XML 1.0 Specification and the Unicode version >>> referenced directly in the spec >>> >>> Indeed, XML 1.0 Specification Fourth Edition references Unicode 2 >>> AND Unicode 3.2, and also ISO/IEC 10646 as normative reference >>> >>> For XML Signature, there is no distinction between normative >>> reference and non normative, so it is assumed that all are >>> normative !! >>> >>> Which imply that >>> >>> for example the reference to UAX #15 (called NFC TR15) is a bit >>> old (1999) but is consistent with Unicode 3.2 >>> >>> but your reference to Unicode is not sufficiently precise (you're >>> pointing to the home page) which could lead to problem if someone >>> wants to points to recent Unicode version >>> >>> So may be the solution is just to split reference between, >>> normative and informative >>> >>> Regards, >>> >>> Mohamed >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> On Wed, Apr 30, 2008 at 2:13 AM, Frederick Hirsch >>> <frederick.hirsch@nokia.com> wrote: >>> I believe updating an XML 1.0, Second Edition [1] reference to >>> XML 1.0 Fourth Edition [2] in XML Signature, Second Edition PER >>> [3] may be useful and appropriate. >>> >>> (1) It appears that the Fourth Edition is mostly editorial >>> changes for clarity, as well as incorporation of errata [4]. One >>> of these errata corresponds to changes in XML Signature Second >>> Edition, an update of the URI reference from RFC 2732 to RFC 3986. >>> "This fourth edition is not a new version of XML. As a >>> convenience to readers, it incorporates the changes dictated by >>> the accumulated errata (available at http://www.w3.org/XML/xml- >>> V10-3e-errata) to the Third Edition of XML 1.0, dated 4 February >>> 2004. In addition, the markup introduced in the third edition, to >>> clarify when prescriptive keywords are used in the formal sense >>> defined in [IETF RFC 2119], has been modified to better match the >>> intent of [IETF RFC 2119]" >>> >>> (2) Likewise XML 1.0 Third edition incorporates editorial changes >>> for clarity and incorporation of errata [5]. >>> >>> "This third edition is not a new version of XML. As a convenience >>> to readers, it incorporates the changes dictated by the >>> accumulated errata (available at http://www.w3.org/XML/xml-V10-2e- >>> errata) to the Second Edition of XML 1.0, dated 6 October 2000. >>> In addition, markup has been introduced on a significant portion >>> of the prescriptions of the specification, clarifying when >>> prescriptive keywords such as must, should and may are used in >>> the formal sense defined in [IETF RFC 2119]" >>> >>> Do members of this group, in particular those involved with the >>> XML Core WG, believe it would be appropriate to update the XML >>> 1.0 reference in XML Signature, Second Edition to the Fourth >>> Edition of XML, and would doing so be viewed as editorial or a >>> more substantive change? >>> >>> Would such a change have an impact on implementors? >>> >>> It may be that XML Signature is mostly orthogonal to those >>> changes, in particular since the XML Fourth edition does not >>> represent a new version of XML, and thus this could be treated >>> as editorial >>> >>> (3) A similar issue may also apply to Namespaces in XML 1.0 [6] >>> which have been updated to Namespaces in XML 1.0, Second Edition >>> [7], where the errata includes primarily the deprecation of >>> relative URIs in namespace declarations [8]. What are thoughts on >>> updating this reference, treating it as editorial? >>> >>> It seems these changes are editorial in nature. Do you have >>> insights or views on this? >>> >>> I'm not sure I understand that the unicode reference needs >>> updating, any thoughts on that reference? >>> >>> Thanks >>> >>> regards, Frederick >>> >>> Frederick Hirsch >>> Nokia >>> >>> [1] http://www.w3.org/TR/2000/REC-xml-20001006 >>> >>> [2] http://www.w3.org/TR/2006/REC-xml-20060816/ >>> >>> [3] http://www.w3.org/TR/2008/PER-xmldsig-core-20080326/ >>> >>> [4] http://www.w3.org/TR/2006/PER-xml-20060614/ >>> >>> [5] http://www.w3.org/TR/2004/REC-xml-20040204/ >>> >>> [6] http://www.w3.org/TR/1999/REC-xml-names-19990114/ >>> >>> [7] http://www.w3.org/TR/REC-xml-names/ >>> >>> [8] http://www.w3.org/TR/REC-xml-names/#errata10 >>> >>> regards, Frederick >>> >>> Frederick Hirsch >>> Nokia >>> >>> >>> >>> >>> On Apr 29, 2008, at 9:29 AM, ext Thomas Roessler wrote: >>> >>> Hello, >>> >>> we've received one comment about XML Signature PER which requests a >>> review of the references, specifically XML 2nd Edition and Unicode. >>> >>> Forwarded with permission. >>> >>> Regards, >>> -- >>> Thomas Roessler, W3C <tlr@w3.org> +33-4-89063488 >>> >>> >>> >>> >>> >>> >>> On 2008-04-06 13:10:01 +0000, WBS Mailer on behalf of innovimax >>> +w3c@gmail.com wrote: >>> From: "WBS Mailer on behalf of innovimax+w3c@gmail.com" >>> <webmaster@w3.org> >>> To: innovimax+w3c@gmail.com, >>> team-security-activity-proposal-review@w3.org >>> Date: Sun, 06 Apr 2008 13:10:01 +0000 >>> Subject: [wbs] response to 'Call for Review: XML Signature Syntax >>> and >>> Processing (Second Edition)?? is W3C Proposed >>> Recommendation' >>> Reply-To: innovimax+w3c@gmail.com >>> List-Id: <team-security-activity-proposal-review.w3.org> >>> X-Spam-Level: >>> Archived-At: >>> <http://www.w3.org/mid/wbs- >>> f743d3cf28a5f52bede4713530dde6b5@cgi.w3.o >>> rg> >>> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.1.6 >>> >>> >>> >>> The following answers have been successfully submitted to 'Call >>> for Review: >>> XML Signature Syntax and Processing (Second Edition) >>> is W3C Proposed Recommendation' (Advisory Committee) for >>> INNOVIMAX by >>> Mohamed ZERGAOUI. >>> >>> Regarding the "XML Signature Syntax and Processing (Second Edition)" >>> specification, the reviewer suggests changes, and only supports >>> publication as a Recommendation if the changes are adopted. >>> >>> >>> Additional comments about the specification: >>> The references are almost all out of synch and may introduce >>> burden >>> because of misinterpretation, mainly due to references to old >>> Unicode >>> publication directly and to XML second edition. >>> >>> I ask that all reference should be carefully weighted to not >>> introduce >>> more problems than solutions >>> >>> >>> The reviewer's organization: >>> - produces products addressed by this specification >>> >>> Answers to this questionnaire can be set and changed at >>> http://www.w3.org/2002/09/wbs/33280/xmlsigper2008/ until 2008-04-30. >>> >>> Regards, >>> >>> The Automatic WBS Mailer >>> >>> >>> >>> >>> >>> >>> >>> >>> -- >>> Innovimax SARL >>> Consulting, Training & XML Development >>> 9, impasse des Orteaux >>> 75020 Paris >>> Tel : +33 9 52 475787 >>> Fax : +33 1 4356 1746 >>> http://www.innovimax.fr >>> RCS Paris 488.018.631 >>> SARL au capital de 10.000 € >> >> >> >> >> -- >> Innovimax SARL >> Consulting, Training & XML Development >> 9, impasse des Orteaux >> 75020 Paris >> Tel : +33 9 52 475787 >> Fax : +33 1 4356 1746 >> http://www.innovimax.fr >> RCS Paris 488.018.631 >> SARL au capital de 10.000 € > > > > > -- > Innovimax SARL > Consulting, Training & XML Development > 9, impasse des Orteaux > 75020 Paris > Tel : +33 9 52 475787 > Fax : +33 1 4356 1746 > http://www.innovimax.fr > RCS Paris 488.018.631 > SARL au capital de 10.000 €
Received on Monday, 12 May 2008 15:07:59 UTC