Re: References in XML Signature PER from Innovimax W3C on 2008-05-12 (public-xmlsec-maintwg@w3.org from May 2008)

From: Innovimax W3C <innovimax+w3c@gmail.com>
Date: Mon, 12 May 2008 18:30:42 +0200
To: "Frederick Hirsch" <frederick.hirsch@nokia.com>
Cc: "XMLSec XMLSec" <public-xmlsec-maintwg@w3.org>, "ext Thomas Roessler" <tlr@w3.org>
Message-ID: <546c6c1c0805120930k1411af6ch4a5f770f8bdb4ea@mail.gmail.com>
Thanks That's great !

Last thing XSL (a.k.a XSL-FO) is in the reference list but never
referenced in your spec (furthermore it has been replaced by XSL 1.1)

Sorry to find it only now

Other than that, that's simply perfect !

Regards,

Mohamed

On Mon, May 12, 2008 at 5:05 PM, Frederick Hirsch
<frederick.hirsch@nokia.com> wrote:
>  Mohamed
>
> We have implemented changes to the XML Signature, Second Edition draft to
> address the concerns you noted.
>
> In particular we have (a) updated the C14N11 reference to reference the
> Recommendation (thanks for reminding us of this) [1], (b) removed the
> Unicode reference [2] and (c) updated the XML and Namespaces references to
> XML Fourth Edition and Namespaces Second edition, respectively [3][4].
>
> Can you please take a look and confirm that these changes address all of
> your concerns?
>
> Thanks
>
>
> regards, Frederick
>
> Frederick Hirsch, Nokia
> Chair XML Security Specifications Maintenance WG
>
> [1]
> http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/Overview.html#ref-XML-C14N11
>
> [2] http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/Overview.html#ref-SOAP
>
> [3] http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/Overview.html#ref-XML
>
> [4]
> http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/Overview.html#ref-XML-ns
>
> Clean version of draft without redlines is at
> http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/nochanges.html
>
> Explanation of changes document is at
> http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/explain.html
>
>
>
>
>
> On May 7, 2008, at 12:39 AM, ext Innovimax W3C wrote:
> Ok so
>
> One last thing
>
> Update
> [[
> XML-C14N11Canonical XML 1.1. W3C Proposed Recommendation. J. Boyer, G.
> Marcy. 29 January 2008.
>  http://www.w3.org/TR/2008/PR-xml-c14n11-20080129]]to
> [[
> XML-C14N11Canonical XML 1.1. W3C Recommendation. J. Boyer, G. Marcy. 2 May
> 2008.
>  http://www.w3.org/TR/2008/REC-xml-c14n11-20080502/]]If you may send me the
> whole Reference block, after update, so I can remove my objections
>
> Regards,
>
> Mohamed
>
> On Wed, May 7, 2008 at 1:34 AM, Frederick Hirsch
> <frederick.hirsch@nokia.com> wrote:
> >
> > Mohamed
> >
> >
> > No, not all the references are normative but the others should be less
> confusing given the context.
> >
> >
> > In future work on XML Security it sounds like it would be a good practice
> to distinguish normative and informative references more clearly. In this
> Second Edition PER we are attempting to minimize changes from the first
> edition.
> >
> >
> >
> >
> >
> > regards, Frederick
> >
> >
> > Frederick Hirsch
> > Nokia
> >
> >
> >
> >
> >
> >
> >
> >
> > On May 6, 2008, at 6:04 PM, ext Innovimax W3C wrote:
> >
> > Thanks, that should help
> >
> > But does it mean that all other references are normative ?
> >
> > Regards,
> >
> > Mohamed
> >
> >
> > On Tue, May 6, 2008 at 11:30 PM, Frederick Hirsch
> <frederick.hirsch@nokia.com> wrote:
> >
> > >
> > > Mohamed
> > >
> > >
> > > Thanks for providing the information regarding the Unicode reference in
> the XML Signature, Second Edition PER.
> > >
> > >
> > > We discussed this issue on today's working group call and came to the
> conclusion that we should remove the Unicode reference from the document
> [1]. This should remove the possibility of any misinterpretation of the
> reference and not raise any false implications.
> > >
> > >
> > > The rationale is that the reference is not normative, not referred to in
> the document, and not very precise as it refers to a web page and may be
> misinterpreted. The Working Group felt that the best approach is to allow
> the XML specification to refer to Unicode appropriately.
> > >
> > >
> > > This decision by the working group should close this issue.
> > >
> > >
> > > If you have any concerns please respond to this email including the
> public-xmlsec-maintwg mail address as a recipient. If we hear nothing we
> will assume that the response is acceptable, but would prefer an
> acknowledgment that this is acceptable.
> > >
> > >
> > > Thank you
> > >
> > >
> > >
> > >
> > >
> > > regards, Frederick
> > >
> > >
> > > Frederick Hirsch, Nokia
> > > Chair XML Security Specifications Maintenance WG
> > > [1] http://www.w3.org/2008/05/06-xmlsec-minutes.html#item08
> > >
> > >
> > >
> > >
> > >
> > >
> > > On Apr 30, 2008, at 4:27 AM, ext Innovimax W3C wrote:
> > >
> > > Sure, the problem is consistency between the Unicode version Referenced
> in XML 1.0 Specification and the Unicode version referenced directly in the
> spec
> > >
> > > Indeed, XML 1.0 Specification Fourth Edition references Unicode 2 AND
> Unicode 3.2, and also ISO/IEC 10646 as normative reference
> > >
> > > For XML Signature, there is no distinction between normative reference
> and non normative, so it is assumed that all are normative !!
> > >
> > > Which imply that
> > >
> > > for example the reference to UAX #15 (called NFC TR15) is a bit old
> (1999) but is consistent with Unicode 3.2
> > >
> > > but your reference to Unicode is not sufficiently precise (you're
> pointing to the home page) which could lead to problem if someone wants to
> points to recent Unicode version
> > >
> > > So may be the solution is just to split reference between, normative and
> informative
> > >
> > > Regards,
> > >
> > > Mohamed
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > On Wed, Apr 30, 2008 at 2:13 AM, Frederick Hirsch
> <frederick.hirsch@nokia.com> wrote:
> > >
> > > > I  believe updating an  XML 1.0, Second Edition [1] reference to XML
> 1.0 Fourth Edition [2] in XML Signature, Second Edition PER [3] may be
> useful and appropriate.
> > > >
> > > > (1) It appears that the Fourth Edition is mostly editorial changes for
> clarity, as well as incorporation of errata [4]. One of these errata
> corresponds to changes in XML Signature Second Edition, an update of the URI
> reference from RFC 2732 to RFC 3986.
> > > > "This fourth edition is not a new version of XML. As a convenience to
> readers, it incorporates the changes dictated by the accumulated errata
> (available at http://www.w3.org/XML/xml-V10-3e-errata) to the Third Edition
> of XML 1.0, dated 4 February 2004. In addition, the markup introduced in the
> third edition, to clarify when prescriptive keywords are used in the formal
> sense defined in [IETF RFC 2119], has been modified to better match the
> intent of [IETF RFC 2119]"
> > > >
> > > > (2) Likewise XML 1.0 Third edition incorporates editorial changes for
> clarity and incorporation of errata [5].
> > > >
> > > > "This third edition is not a new version of XML. As a convenience to
> readers, it incorporates the changes dictated by the accumulated errata
> (available at http://www.w3.org/XML/xml-V10-2e-errata) to the Second Edition
> of XML 1.0, dated 6 October 2000. In addition, markup has been introduced on
> a significant portion of the prescriptions of the specification, clarifying
> when prescriptive keywords such as must, should and may are used in the
> formal sense defined in [IETF RFC 2119]"
> > > >
> > > > Do members of this group, in particular those involved with the XML
> Core WG, believe it would be appropriate to update the XML 1.0 reference in
> XML Signature, Second Edition to the Fourth Edition of XML, and would doing
> so be viewed as editorial or a more substantive change?
> > > >
> > > > Would such a change have an impact on implementors?
> > > >
> > > > It may be that XML Signature is mostly orthogonal to those changes, in
> particular since the XML Fourth edition does not represent a new version of
> XML,  and thus this could be treated as editorial
> > > >
> > > > (3) A similar issue may also apply to Namespaces  in XML 1.0 [6] which
> have been updated to Namespaces  in XML 1.0, Second Edition [7], where the
> errata includes primarily  the deprecation of relative URIs in namespace
> declarations [8]. What are thoughts on updating this reference, treating it
> as editorial?
> > > >
> > > > It seems these changes are editorial in nature. Do you have insights
> or views on this?
> > > >
> > > > I'm not sure I understand that the unicode reference needs updating,
> any thoughts on that reference?
> > > >
> > > > Thanks
> > > >
> > > > regards, Frederick
> > > >
> > > > Frederick Hirsch
> > > > Nokia
> > > >
> > > > [1] http://www.w3.org/TR/2000/REC-xml-20001006
> > > >
> > > > [2] http://www.w3.org/TR/2006/REC-xml-20060816/
> > > >
> > > > [3] http://www.w3.org/TR/2008/PER-xmldsig-core-20080326/
> > > >
> > > > [4] http://www.w3.org/TR/2006/PER-xml-20060614/
> > > >
> > > > [5] http://www.w3.org/TR/2004/REC-xml-20040204/
> > > >
> > > > [6] http://www.w3.org/TR/1999/REC-xml-names-19990114/
> > > >
> > > > [7] http://www.w3.org/TR/REC-xml-names/
> > > >
> > > > [8] http://www.w3.org/TR/REC-xml-names/#errata10
> > > >
> > > > regards, Frederick
> > > >
> > > > Frederick Hirsch
> > > > Nokia
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > On Apr 29, 2008, at 9:29 AM, ext Thomas Roessler wrote:
> > > >
> > > > >
> > > > > Hello,
> > > > >
> > > > > we've received one comment about XML Signature PER which requests a
> > > > > review of the references, specifically XML 2nd Edition and Unicode.
> > > > >
> > > > > Forwarded with permission.
> > > > >
> > > > > Regards,
> > > > > --
> > > > > Thomas Roessler, W3C  <tlr@w3.org>  +33-4-89063488
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On 2008-04-06 13:10:01 +0000, WBS Mailer on behalf of
> innovimax+w3c@gmail.com wrote:
> > > > >
> > > > > > From: "WBS Mailer on behalf of innovimax+w3c@gmail.com"
> > > > > >        <webmaster@w3.org>
> > > > > > To: innovimax+w3c@gmail.com,
> > > > > >        team-security-activity-proposal-review@w3.org
> > > > > > Date: Sun, 06 Apr 2008 13:10:01 +0000
> > > > > > Subject: [wbs] response to 'Call for Review: XML Signature Syntax
> and
> > > > > >        Processing  (Second Edition)?? is W3C Proposed
> Recommendation'
> > > > > > Reply-To: innovimax+w3c@gmail.com
> > > > > > List-Id: <team-security-activity-proposal-review.w3.org>
> > > > > > X-Spam-Level:
> > > > > > Archived-At:
> > > > > >
> <http://www.w3.org/mid/wbs-f743d3cf28a5f52bede4713530dde6b5@cgi.w3.o
> > > > > >        rg>
> > > > > > X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000,
> version=1.1.6
> > > > > >
> > > > > >
> > > > > >
> > > > > > The following answers have been successfully submitted to 'Call
> for Review:
> > > > > > XML Signature Syntax and Processing (Second Edition)
> > > > > >  is W3C Proposed Recommendation' (Advisory Committee) for
> INNOVIMAX by
> > > > > > Mohamed ZERGAOUI.
> > > > > >
> > > > > > Regarding the "XML Signature Syntax and Processing (Second
> Edition)"
> > > > > > specification, the reviewer  suggests changes, and only supports
> > > > > > publication as a Recommendation if the changes are adopted.
> > > > > >
> > > > > >
> > > > > > Additional comments about the specification:
> > > > > >   The references are almost all out of synch and may introduce
> burden
> > > > > > because of misinterpretation, mainly due to references to old
> Unicode
> > > > > > publication directly and to XML second edition.
> > > > > >
> > > > > > I ask that all reference should be carefully weighted to not
> introduce
> > > > > > more problems than solutions
> > > > > >
> > > > > >
> > > > > > The reviewer's organization:
> > > > > >   - produces products addressed by this specification
> > > > > >
> > > > > > Answers to this questionnaire can be set and changed at
> > > > > > http://www.w3.org/2002/09/wbs/33280/xmlsigper2008/ until
> 2008-04-30.
> > > > > >
> > > > > >  Regards,
> > > > > >
> > > > > >  The Automatic WBS Mailer
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> > >
> > > --
> > > Innovimax SARL
> > > Consulting, Training & XML Development
> > > 9, impasse des Orteaux
> > > 75020 Paris
> > > Tel : +33 9 52 475787
> > > Fax : +33 1 4356 1746
> > > http://www.innovimax.fr
> > > RCS Paris 488.018.631
> > > SARL au capital de 10.000 €
> > >
> >
> >
> >
> > --
> > Innovimax SARL
> > Consulting, Training & XML Development
> > 9, impasse des Orteaux
> > 75020 Paris
> > Tel : +33 9 52 475787
> > Fax : +33 1 4356 1746
> > http://www.innovimax.fr
> > RCS Paris 488.018.631
> > SARL au capital de 10.000 €
> >
>
>
>
> --
> Innovimax SARL
> Consulting, Training & XML Development
> 9, impasse des Orteaux
> 75020 Paris
> Tel : +33 9 52 475787
> Fax : +33 1 4356 1746
> http://www.innovimax.fr
>  RCS Paris 488.018.631
> SARL au capital de 10.000 €
>



-- 
Innovimax SARL
Consulting, Training & XML Development
9, impasse des Orteaux
75020 Paris
Tel : +33 9 52 475787
Fax : +33 1 4356 1746
http://www.innovimax.fr
RCS Paris 488.018.631
SARL au capital de 10.000 €
Received on Monday, 12 May 2008 16:31:17 UTC