Comments on reading of WS-I constraints on DSig (Issue 9)

In addressing issue 9 I started to review WS-I Basic Security Profile
http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html#SignatureTransforms


WS-I BSP addresses Transforms as one unit and references a number of
specifications from the W3C in specifying how to form the transform
structures, but these are based on XML-DSIG 1.0. In DSIG 1.1
(http://www.w3.org/TR/2009/WD-xmldsig-simplify-20090226/) transforms
are broken up into three sections: "Selection, Transforms and
Canonicalization".

Will this change impact WS-I BSP?  The BSP is clear on which and what
order of elements to include. Is it that WS-I BSP will still need to use
XMLdsig 1.0 because we are breaking apart transforms??

For C14N, WS-I BSP says "Any CANONICALIZATION_METHOD Algorithm attribute
MUST have a value of "http://www.w3.org/2001/10/xml-exc-c14n#"
indicating that it uses Exclusive C14N without comments for
canonicalization."

I do not see that our work will impact this aspect;
http://www.w3.org/2001/10/xml-exc-c14n# will still be available.


Gerald Edgar, CISSP
Enterprise Architecture & Information Security

Received on Thursday, 2 July 2009 00:30:01 UTC