- From: Magnus Nystrom <mnystrom@microsoft.com>
- Date: Wed, 31 Aug 2011 04:00:00 +0000
- To: "XMLSec WG Public List (public-xmlsec@w3.org)" <public-xmlsec@w3.org>
- Message-ID: <D744D68428430B4F9C81DE8A4D59506812141D27@TK5EX14MBXW603.wingroup.windeploy.ntde>
Makoto wrote:
> I have to revisit this issue, since a test document gh-example.xml (in the directory "xml encryption test files") has
>
> <ds:KeyInfo>
>   <dsig11:ECKeyValue>
>     <dsig11:NamedCurve URI="urn:oid:1.2.840.10045.3.1.7"/>
>     <dsig11:PublicKey>DEADBEEF</dsig11:PublicKey>
>   </dsig11:ECKeyValue>
> </ds:KeyInfo>
>
> To validate this ECKeyValue element, we need the schema for Signature 1.1.
> But this example document might be simply incorrect. I see other errors such as
>
> Algorithm="http://www.w3.org/2009/xmlenc11#GenericHybridCipher"
>
> which is not a valid algorithm identifier. Is my copy obsolete?

It may be, I have attached a corrected version to this email. Maybe you can upload it, Frederick?

In addition, I found the following apparent inconsistencies in our schema and example documents while verifying this example:

1. Our xmldsig11-schema.xsd currently begins:

<schema targetNamespace="http://www.w3.org/2009/xmldsig11#"
        version="0.1"
        elementFormDefault="qualified">

Should it not be:

<?xml version="1.0" encoding="utf-8"?>
<schema xmlns="http://www.w3.org/2001/XMLSchema"
        xmlns:dsig11="http://www.w3.org/2009/xmldsig11#"
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
        targetNamespace="http://www.w3.org/2009/xmldsig11#"
        version="0.1"
        elementFormDefault="qualified">

? (Note the addition of the xmlns: definitions in addition to the xml version element.)

2. I also wonder about the use of 'version="0.1"' above - should it not be 'version="1.0"'?

3. Similarly as 1. above, shouldn't the XML Encryption 1.1 schema linked to in the XML Encryption 1.1 document begin with:

<?xml version="1.0" encoding="utf-8"?>
<schema xmlns="http://www.w3.org/2001/XMLSchema"
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
        xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
        xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"
        version="1.0"
        targetNamespace="http://www.w3.org/2009/xmlenc11#"
        elementFormDefault="qualified">

(Or is it sufficient just to import? I thought the namespace declaration had to be there too?)

4. Not that it matters too much, but I note that the XML Signature 1.1 schema has the schema attributes "version" and "targetNamespace" in a different order than the XML Encryption 1.1 schema. For consistency it would be nicer with the same ordering.

5. As with 1. and 3. above, should not the GHC schema begin with:

<?xml version="1.0" encoding="utf-8"?>
<schema xmlns="http://www.w3.org/2001/XMLSchema"
        xmlns:ghc="http://www.w3.org/2009/xmlsec-gh#"
        xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
        xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"
        targetNamespace="http://www.w3.org/2009/xmlsec-gh#"
        version="0.1"
        elementFormDefault="qualified">

?

6. Same comment as 4. above about the ordering of the attributes "version" and "targetNamespace"?

7. Same comment as 2. above regarding the GHC schema's "version='0.1'"?

8. The GHC schema uses the URI .../2009/xmlsec-gh# but the algorithm identifiers in the GHC document use the URI .../2001/xmlsec-ghc#... While not formally an error, I suggest switching to the latter also for the schema URI, in which case the example within the GHC document becomes correct.

9. The XML Encryption 1.0 schema linked to in our XML Encryption 1.1 document is not the same as the one linked to in the XML Encryption 1.0 TR. The schema linked to in the TR does contain the namespace declarations and the introductory <?xml version=...> element. Should they not be the same?

10. The enc-example.xml linked to in Section 9.1 in XML Encryption 1.1 is not a valid example. I suggest instead using one of our derived key examples (they are in the interop Wiki).

11. In XML Signature 1.1, the "Schema Driver" schema also uses "version=0.1"...

Best,
-- Magnus

2011/8/19 MURATA Makoto <eb2m-mrt@asahi-net.or.jp>:
> Agreed. Thanks.
>
> Regards,
> Makoto
>
> 2011/8/17 <frederick.hirsch@nokia.com>:
>>
>> Dear MURATA Makoto ,
>>
>> The XML Security Working Group has reviewed the comments you sent [1] on
>> the Last Call Working Draft [2] of the XML Encryption Syntax and Processing
>> Version 1.1 published on 13 May 2010. Thank you for having taken the time
>> to review the document and to send us comments!
>>
>> The Working Group's response to your comment is included below.
>>
>> Please review it carefully and let us know by email at
>> public-xmlsec@w3.org if you agree with it or not before 22 August 2011. In
>> case of disagreement, you are requested to provide a specific solution for
>> or a path to a consensus with the Working Group. If such a consensus cannot
>> be achieved, you will be given the opportunity to raise a formal objection
>> which will then be reviewed by the Director during the transition of this
>> document to the next stage in the W3C Recommendation Track.
>>
>> Thanks,
>>
>> For the XML Security Working Group,
>> Thomas Roessler
>> W3C Staff Contact
>>
>> 1. http://www.w3.org/mid/CALvn5EAQnAT-i4xB0HV+29ta0fp=ijcg77BfofM3o1x44U0jQg@mail.gmail.com
>> 2. http://www.w3.org/TR/2010/WD-xmlenc-core1-20100513/
>>
>>
>> =====
>>
>> Your comment on 9.1 XSD Schema XML Encryption Core Schema Instance
>> xenc-sc...:
>>> xenc-schema-11.xsd does not import xmldsig11-schema.xsd but
>>> rather import xmldsigschema.xsd. However, XML Encryption 1.1
>>> normatively references to XML Signature 1.1 rather than 1.0.
>>> Which is correct?
>>
>>
>> Working Group Resolution (LC-2544):
>> The working group decided to not make any change here as
>> xenc-schema-11.xsd does not require any definitions from
>> xmldsig-11-schema.xsd. All that is required is ds:DigestMethod from
>> xmldsigschmema.xsd; so the current inclusion is correct and does not
>> include unnecessary material.
>>
>> Thus the schema import is correct as is the normative reference to XML
>> Signature 1.1 (e.g. to pick up normative changes that are not necessarily
>> reflected by schema changes)
Attachments
- text/xml attachment: gh-example-corrected.xml
Received on Wednesday, 31 August 2011 04:00:42 UTC
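The xmlns bindings Magnus asks about in items 1, 3 and 5 are only resolved by a schema processor, not by an XML parser, so a missing declaration can stay unnoticed until someone actually validates against the schema. As an added example (not code from this list or the WG), the Python below parses a schema header and reports the prefixes used in QName-valued attributes without an in-scope declaration, together with the XML declaration, root namespace, version and targetNamespace; the two schema fragments are constructed and only modelled on the header quoted in the mail.

```python
import io
import xml.etree.ElementTree as ET

XSD_NS = "http://www.w3.org/2001/XMLSchema"
# XSD attributes whose values are QNames: a schema processor resolves the prefix
# against in-scope xmlns declarations, which a plain XML parser never checks.
QNAME_ATTRS = ("type", "ref", "base", "substitutionGroup", "itemType", "memberTypes")


def check_schema(xsd_text):
    """Return the header facts reviewed on the list: XML declaration present,
    root in the XSD namespace, version/targetNamespace, undeclared prefixes."""
    in_scope = []            # stack of (prefix, uri), kept in sync by the ns events
    undeclared = set()
    report = {"has_xml_decl": xsd_text.lstrip().startswith("<?xml"),
              "root_in_xsd_ns": False, "version": None, "target_namespace": None}
    seen_root = False
    source = io.BytesIO(xsd_text.encode("utf-8"))
    for event, payload in ET.iterparse(source, events=("start-ns", "end-ns", "start")):
        if event == "start-ns":
            in_scope.append(payload)       # fires before the declaring element's start
        elif event == "end-ns":
            in_scope.pop()                 # fires after the declaring element's end
        else:                              # "start": payload is the element itself
            if not seen_root:
                seen_root = True
                report["root_in_xsd_ns"] = payload.tag == "{%s}schema" % XSD_NS
                report["version"] = payload.get("version")
                report["target_namespace"] = payload.get("targetNamespace")
            for attr in QNAME_ATTRS:
                for qname in payload.get(attr, "").split():
                    prefix, colon, _local = qname.partition(":")
                    if colon and not any(p == prefix for p, _uri in in_scope):
                        undeclared.add(prefix)
    report["undeclared_prefixes"] = sorted(undeclared)
    return report


# Constructed fragments shaped like the header under discussion; not the WG's file.
SCHEMA_WITHOUT_DECLS = """<schema targetNamespace="http://www.w3.org/2009/xmldsig11#"
        version="0.1" elementFormDefault="qualified">
  <element name="ECKeyValue" type="dsig11:ECKeyValueType"/>
  <complexType name="ECKeyValueType">
    <sequence><element ref="dsig11:NamedCurve"/>
              <element name="PublicKey" type="ds:CryptoBinary"/></sequence>
  </complexType>
</schema>"""
SCHEMA_WITH_DECLS = '<?xml version="1.0" encoding="utf-8"?>\n' + SCHEMA_WITHOUT_DECLS.replace(
    "<schema ", '<schema xmlns="http://www.w3.org/2001/XMLSchema"\n'
    '        xmlns:dsig11="http://www.w3.org/2009/xmldsig11#"\n'
    '        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"\n        ', 1).replace('version="0.1"', 'version="1.0"', 1)
```

Run `check_schema` over a real .xsd file's text to get the same report; the attribute list covers the common QName-valued XSD attributes and can be extended.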