
Re: References in XML Signature PER

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Fri, 23 May 2008 11:20:00 -0400
Message-Id: <41C7F804-CCCE-4D94-A832-774DA912ACBD@nokia.com>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, "XMLSec XMLSec" <public-xmlsec-maintwg@w3.org>, "ext Thomas Roessler" <tlr@w3.org>
To: ext Innovimax W3C <innovimax+w3c@gmail.com>

Mohamed

The WG agreed to remove the XSL reference from the XML Signature,  
Second Edition document, on our last call [1].  This change has been  
made to the document.

At this point we have made changes to address all the issues you noted.

Thanks for the careful review and bringing this issue to our
attention as well as the others.

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security Specifications Maintenance WG

[1] http://www.w3.org/2008/05/20-xmlsec-minutes.html#item04 (member only)



On May 12, 2008, at 12:30 PM, ext Innovimax W3C wrote:

> Thanks That's great !
>
> Last thing XSL (a.k.a XSL-FO) is in the reference list but never
> referenced in your spec (furthermore it has been replaced by XSL 1.1)
>
> Sorry to find it only now
>
> Other than that, that's simply perfect !
>
> Regards,
>
> Mohamed
>
> On Mon, May 12, 2008 at 5:05 PM, Frederick Hirsch
> <frederick.hirsch@nokia.com> wrote:
>>  Mohamed
>>
>> We have implemented changes to the XML Signature, Second Edition draft to
>> address the concerns you noted.
>>
>> In particular we have (a) updated the C14N11 reference to reference the
>> Recommendation (thanks for reminding us of this) [1], (b) removed the
>> Unicode reference [2] and (c) updated the XML and Namespaces references to
>> XML Fourth Edition and Namespaces Second edition, respectively [3] [4].
>>
>> Can you please take a look and confirm that these changes address all of
>> your concerns?
>>
>> Thanks
>>
>>
>> regards, Frederick
>>
>> Frederick Hirsch, Nokia
>> Chair XML Security Specifications Maintenance WG
>>
>> [1] http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/Overview.html#ref-XML-C14N11
>>
>> [2] http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/Overview.html#ref-SOAP
>>
>> [3] http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/Overview.html#ref-XML
>>
>> [4] http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/Overview.html#ref-XML-ns
>>
>> Clean version of draft without redlines is at
>> http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/nochanges.html
>>
>> Explanation of changes document is at
>> http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/explain.html
>>
>>
>>
>>
>>
>> On May 7, 2008, at 12:39 AM, ext Innovimax W3C wrote:
>> Ok so
>>
>> One last thing
>>
>> Update
>> [[
>> XML-C14N11 Canonical XML 1.1. W3C Proposed Recommendation. J. Boyer, G.
>> Marcy. 29 January 2008.
>> http://www.w3.org/TR/2008/PR-xml-c14n11-20080129
>> ]]
>> to
>> [[
>> XML-C14N11 Canonical XML 1.1. W3C Recommendation. J. Boyer, G. Marcy. 2 May
>> 2008.
>> http://www.w3.org/TR/2008/REC-xml-c14n11-20080502/
>> ]]
>>
>> If you may send me the whole Reference block, after update, so I can
>> remove my objections
>>
>> Regards,
>>
>> Mohamed
>>
>> On Wed, May 7, 2008 at 1:34 AM, Frederick Hirsch
>> <frederick.hirsch@nokia.com> wrote:
>>>
>>> Mohamed
>>>
>>>
>>> No, not all the references are normative but the others should be less
>>> confusing given the context.
>>>
>>>
>>> In future work on XML Security it sounds like it would be a good practice
>>> to distinguish normative and informative references more clearly. In this
>>> Second Edition PER we are attempting to minimize changes from the first
>>> edition.
>>>
>>>
>>>
>>>
>>>
>>> regards, Frederick
>>>
>>>
>>> Frederick Hirsch
>>> Nokia
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On May 6, 2008, at 6:04 PM, ext Innovimax W3C wrote:
>>>
>>> Thanks, that should help
>>>
>>> But does it mean that all other references are normative ?
>>>
>>> Regards,
>>>
>>> Mohamed
>>>
>>>
>>> On Tue, May 6, 2008 at 11:30 PM, Frederick Hirsch
>>> <frederick.hirsch@nokia.com> wrote:
>>>
>>>>
>>>> Mohamed
>>>>
>>>>
>>>> Thanks for providing the information regarding the Unicode reference in
>>>> the XML Signature, Second Edition PER.
>>>>
>>>> We discussed this issue on today's working group call and came to the
>>>> conclusion that we should remove the Unicode reference from the document
>>>> [1]. This should remove the possibility of any misinterpretation of the
>>>> reference and not raise any false implications.
>>>>
>>>> The rationale is that the reference is not normative, not referred to in
>>>> the document, and not very precise as it refers to a web page and may be
>>>> misinterpreted. The Working Group felt that the best approach is to allow
>>>> the XML specification to refer to Unicode appropriately.
>>>>
>>>> This decision by the working group should close this issue.
>>>>
>>>> If you have any concerns please respond to this email including the
>>>> public-xmlsec-maintwg mail address as a recipient. If we hear nothing we
>>>> will assume that the response is acceptable, but would prefer an
>>>> acknowledgment that this is acceptable.
>>>>
>>>>
>>>> Thank you
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> regards, Frederick
>>>>
>>>>
>>>> Frederick Hirsch, Nokia
>>>> Chair XML Security Specifications Maintenance WG
>>>> [1] http://www.w3.org/2008/05/06-xmlsec-minutes.html#item08
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Apr 30, 2008, at 4:27 AM, ext Innovimax W3C wrote:
>>>>
>>>> Sure, the problem is consistency between the Unicode version referenced
>>>> in XML 1.0 Specification and the Unicode version referenced directly in
>>>> the spec
>>>>
>>>> Indeed, XML 1.0 Specification Fourth Edition references Unicode 2 AND
>>>> Unicode 3.2, and also ISO/IEC 10646 as normative reference
>>>>
>>>> For XML Signature, there is no distinction between normative reference
>>>> and non-normative, so it is assumed that all are normative !!
>>>>
>>>> Which implies that
>>>>
>>>> for example the reference to UAX #15 (called NFC TR15) is a bit old
>>>> (1999) but is consistent with Unicode 3.2
>>>>
>>>> but your reference to Unicode is not sufficiently precise (you're
>>>> pointing to the home page) which could lead to problems if someone wants
>>>> to point to a recent Unicode version
>>>>
>>>> So maybe the solution is just to split references between normative and
>>>> informative
>>>>
>>>> Regards,
>>>>
>>>> Mohamed
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Wed, Apr 30, 2008 at 2:13 AM, Frederick Hirsch
>>>> <frederick.hirsch@nokia.com> wrote:
>>>>
>>>>> I believe updating an XML 1.0, Second Edition [1] reference to XML
>>>>> 1.0 Fourth Edition [2] in XML Signature, Second Edition PER [3] may be
>>>>> useful and appropriate.
>>>>>
>>>>> (1) It appears that the Fourth Edition is mostly editorial changes for
>>>>> clarity, as well as incorporation of errata [4]. One of these errata
>>>>> corresponds to changes in XML Signature Second Edition, an update of the
>>>>> URI reference from RFC 2732 to RFC 3986.
>>>>>
>>>>> "This fourth edition is not a new version of XML. As a convenience to
>>>>> readers, it incorporates the changes dictated by the accumulated errata
>>>>> (available at http://www.w3.org/XML/xml-V10-3e-errata) to the Third
>>>>> Edition of XML 1.0, dated 4 February 2004. In addition, the markup
>>>>> introduced in the third edition, to clarify when prescriptive keywords
>>>>> are used in the formal sense defined in [IETF RFC 2119], has been
>>>>> modified to better match the intent of [IETF RFC 2119]"
>>>>>
>>>>> (2) Likewise XML 1.0 Third edition incorporates editorial changes for
>>>>> clarity and incorporation of errata [5].
>>>>>
>>>>> "This third edition is not a new version of XML. As a convenience to
>>>>> readers, it incorporates the changes dictated by the accumulated errata
>>>>> (available at http://www.w3.org/XML/xml-V10-2e-errata) to the Second
>>>>> Edition of XML 1.0, dated 6 October 2000. In addition, markup has been
>>>>> introduced on a significant portion of the prescriptions of the
>>>>> specification, clarifying when prescriptive keywords such as must,
>>>>> should and may are used in the formal sense defined in [IETF RFC 2119]"
>>>>>
>>>>> Do members of this group, in particular those involved with the XML
>>>>> Core WG, believe it would be appropriate to update the XML 1.0 reference
>>>>> in XML Signature, Second Edition to the Fourth Edition of XML, and would
>>>>> doing so be viewed as editorial or a more substantive change?
>>>>>
>>>>> Would such a change have an impact on implementors?
>>>>>
>>>>> It may be that XML Signature is mostly orthogonal to those changes, in
>>>>> particular since the XML Fourth edition does not represent a new version
>>>>> of XML, and thus this could be treated as editorial
>>>>>
>>>>> (3) A similar issue may also apply to Namespaces in XML 1.0 [6] which
>>>>> have been updated to Namespaces in XML 1.0, Second Edition [7], where the
>>>>> errata includes primarily the deprecation of relative URIs in namespace
>>>>> declarations [8]. What are thoughts on updating this reference, treating
>>>>> it as editorial?
>>>>>
>>>>> It seems these changes are editorial in nature. Do you have insights
>>>>> or views on this?
>>>>>
>>>>> I'm not sure I understand that the unicode reference needs updating,
>>>>> any thoughts on that reference?
>>>>>
>>>>> Thanks
>>>>>
>>>>> regards, Frederick
>>>>>
>>>>> Frederick Hirsch
>>>>> Nokia
>>>>>
>>>>> [1] http://www.w3.org/TR/2000/REC-xml-20001006
>>>>>
>>>>> [2] http://www.w3.org/TR/2006/REC-xml-20060816/
>>>>>
>>>>> [3] http://www.w3.org/TR/2008/PER-xmldsig-core-20080326/
>>>>>
>>>>> [4] http://www.w3.org/TR/2006/PER-xml-20060614/
>>>>>
>>>>> [5] http://www.w3.org/TR/2004/REC-xml-20040204/
>>>>>
>>>>> [6] http://www.w3.org/TR/1999/REC-xml-names-19990114/
>>>>>
>>>>> [7] http://www.w3.org/TR/REC-xml-names/
>>>>>
>>>>> [8] http://www.w3.org/TR/REC-xml-names/#errata10
>>>>>
>>>>> regards, Frederick
>>>>>
>>>>> Frederick Hirsch
>>>>> Nokia
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Apr 29, 2008, at 9:29 AM, ext Thomas Roessler wrote:
>>>>>
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> we've received one comment about XML Signature PER which requests a
>>>>>> review of the references, specifically XML 2nd Edition and Unicode.
>>>>>>
>>>>>> Forwarded with permission.
>>>>>>
>>>>>> Regards,
>>>>>> --
>>>>>> Thomas Roessler, W3C  <tlr@w3.org>  +33-4-89063488
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 2008-04-06 13:10:01 +0000, WBS Mailer on behalf of
>>>>>> innovimax+w3c@gmail.com wrote:
>>>>>>
>>>>>>> From: "WBS Mailer on behalf of innovimax+w3c@gmail.com"
>>>>>>>        <webmaster@w3.org>
>>>>>>> To: innovimax+w3c@gmail.com,
>>>>>>>        team-security-activity-proposal-review@w3.org
>>>>>>> Date: Sun, 06 Apr 2008 13:10:01 +0000
>>>>>>> Subject: [wbs] response to 'Call for Review: XML Signature Syntax and
>>>>>>>        Processing (Second Edition) is W3C Proposed Recommendation'
>>>>>>> Reply-To: innovimax+w3c@gmail.com
>>>>>>> List-Id: <team-security-activity-proposal-review.w3.org>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> The following answers have been successfully submitted to 'Call for
>>>>>>> Review: XML Signature Syntax and Processing (Second Edition) is W3C
>>>>>>> Proposed Recommendation' (Advisory Committee) for INNOVIMAX by
>>>>>>> Mohamed ZERGAOUI.
>>>>>>>
>>>>>>> Regarding the "XML Signature Syntax and Processing (Second Edition)"
>>>>>>> specification, the reviewer suggests changes, and only supports
>>>>>>> publication as a Recommendation if the changes are adopted.
>>>>>>>
>>>>>>>
>>>>>>> Additional comments about the specification:
>>>>>>>   The references are almost all out of synch and may introduce burden
>>>>>>> because of misinterpretation, mainly due to references to old Unicode
>>>>>>> publication directly and to XML second edition.
>>>>>>>
>>>>>>> I ask that all references should be carefully weighted to not introduce
>>>>>>> more problems than solutions
>>>>>>>
>>>>>>>
>>>>>>> The reviewer's organization:
>>>>>>>   - produces products addressed by this specification
>>>>>>>
>>>>>>> Answers to this questionnaire can be set and changed at
>>>>>>> http://www.w3.org/2002/09/wbs/33280/xmlsigper2008/ until 2008-04-30.
>>>>>>>
>>>>>>>  Regards,
>>>>>>>
>>>>>>>  The Automatic WBS Mailer
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Innovimax SARL
>>>> Consulting, Training & XML Development
>>>> 9, impasse des Orteaux
>>>> 75020 Paris
>>>> Tel : +33 9 52 475787
>>>> Fax : +33 1 4356 1746
>>>> http://www.innovimax.fr
>>>> RCS Paris 488.018.631
>>>> SARL au capital de 10.000 
Received on Friday, 23 May 2008 15:21:40 UTC
