- From: Ed Simon <edsimon@xmlsec.com>
- Date: Mon, 20 Sep 2010 18:04:11 -0400
- To: XMLSec WG Public List <public-xmlsec@w3.org>

I have reviewed the 2010 August 26 draft of Magic Signatures:

http://salmon-protocol.googlecode.com/svn-history/r109/trunk/draft-panzer-magicsig-experimental-00.html

Here are my comments as they pertain to XML Signature:

1. Throughout the document, replace "XML-DSig" and its variants with "XML Signature".

2. In Section 1, there is the line "In the field, XML-DSig has proven to be problematic in applications such as syndication of feeds.". This statement requires references and/or explanation so that one knows what the problems are.

3. Bullet 1 "Can handle any data format; not tied to XML." is, at best, ambiguous. If taken to suggest that XML Signature can only sign XML data, then it is false. However, I believe the intention was actually to say, for example, that "Magic Signatures can be serialized into arbitrary data formats such as XML and JSON." The bullet needs to be rewritten to remove misinterpretations.

4. In Section 3, replace "and serialized as either XML or JSON" with "and serialized into arbitrary data formats such as XML and JSON (these serializations are profiled within this specification)".

5. Section 3.4 states that "This specification does not define a DTD, and thus does not require validity (in the sense used by XML)." And then goes on to detail, in human language, the validation requirements for the XML-serialized version of Magic Signatures. Indeed, those validation requirements are basically XML validation as the term is generally used. Given that Magic Signatures does set rules wrt the data structure of the XML serialized form, the specification should include an XML Schema or Relax NG schema that expresses those validation rules in a machine-readable manner.

Ed

--
========================================
Ed Simon, XMLsec Inc.
613-726-9645
edsimon@xmlsec.com

Received on Monday, 20 September 2010 22:04:50 UTC