- From: XML Security Working Group Issue Tracker <sysbot+tracker@w3.org>
- Date: Wed, 13 Aug 2008 20:25:43 +0000 (GMT)
- To: public-xmlsec@w3.org
ISSUE-47 (XAdES Signature Reference): XAdES references latest XML Signature, depends on ds:Object and ds:KeyInfo [Sig (Design for XML Signature V Next)] http://www.w3.org/2008/xmlsec/track/issues/47 Raised by: Frederick Hirsch On product: Sig (Design for XML Signature V Next) Description ETSI TS 101 903 V1.3.2 (2006-03), XML Advanced Electronic Signatures (XAdES), states the following policy on references: "References are either specific (identified by date of publication and/or edition number or version number) or non-specific. • For a specific reference, subsequent revisions do not apply. • For a non-specific reference, the latest version applies" I notice that reference [3] is as follows: [3] W3C/IETF Recommendation: "XML-Signature Syntax and Processing". Thus it appears that XAdES will reference the latest version of XML Signature, currently referencing Second Edition and later the new version produced by this WG. That may be acceptable as long as each version of XML Signature continues to support ds:Object and ds:KeyInfo and the ability to sign these, which is what we can probably expect. Justification - There are two related issues: 1) Signature must continue to meet the features as used by XAdES if XAdES is able to reference the latest version. 2) Changes in the latest version of XML Signature must be acceptable to the XAdES community or the XAdES reference should be changed to reference Second Edition (or first Edition, as appropriate). Proposal 1. Maintain ds:Object and ds:KeyInfo in Signature definition, including ability to reference and sign them. 2. Coordinate with ETSI on the potential need to make Signature a specific reference. Need to determine appropriate process with adequate time.
Received on Wednesday, 13 August 2008 20:27:23 UTC