W3C home > Mailing lists > Public > public-xmlsec@w3.org > July 2015

Re: Call for Consensus: Approve Errata for XML Signature 1.1 to correct referenced schema files; please respond by 15 July 2015

From: Frederick Hirsch <w3c@fjhirsch.com>
Date: Mon, 20 Jul 2015 14:32:36 -0400
Cc: Wendy Seltzer <wseltzer@w3.org>, Juan Carlos Cruellas <cruellas@ac.upc.edu>
Message-Id: <1A2AB949-2098-49ED-9D63-9CB024B821B1@fjhirsch.com>
To: "public-xmlsec@w3.org List Public" <public-xmlsec@w3.org>
This call for consensus to approve two additional errata items  for XML Signature 1.1 has completed with support from six members of the list (in addition to myself)  and no objections. Thus we have consensus to update the errata accordingly.

Thanks everyone, especially for responding to a CfC in a group that has not met for some time.

I will prepare the errata for publication.

regards, Frederick

Frederick Hirsch
Chair, W3C XML Security WG

www.fjhirsch.com
@fjhirsch



> On Jun 24, 2015, at 5:09 PM, Frederick Hirsch <w3c@fjhirsch.com> wrote:
> 
> This is a Call for Consensus (CfC) to add the following two errata items to the errata list for XML Signature 1.1 at http://www.w3.org/2008/xmlsec/errata/xmldsig-core-11-errata.html
> 
> Please note that there is no change required to the specification itself; the change is to referenced schema files that require updates.
> 
> Please note that these can be classified as informative changes which do not affect conformance, as they fix a typo for schema URLs for schemas that can be obtained by other means (and cached) and add a schemaLocation for clarity.
> 
> The two errata items to add to the XML Signature 1.1 errata file are as follows (apart from formatting):
> 
> ---- 
> E02:  Fix typo within Schema driver file referenced in Section 9.1
> 
> Added: 2015-06-24 fjh
> Accepted: XML Security WG <link call for consensus conclusion>
> Raised: 8 June 2015 (linked to https://lists.w3.org/Archives/Public/public-xmlsec/2015Jun/0000.html )
> Class: informative 
> Affects conformance: No 
> 
> Section 9.1 (XSD schema) includes a  link to the "XML Signature 1.1 Schema Driver" at   http://www.w3.org/TR/xmldsig-core1/xmldsig1-schema.xsd
> 
> That file has the line
> [[
> <include schemaLocation="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/xmldsig-core.xsd"/>
> ]]
> 
> It should be replaced with the line
> [[
> <include schemaLocation="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/xmldsig-core-schema.xsd" />
> ]]
> 
> Note that implementations are able to cache the correct schema file without relying on the schemaLocation but the URL should be corrected in this file. Note that applications should not routinely retrieve the schema using this URL.
> 
> This file is also referenced by the XML Security 2.0 Note, http://www.w3.org/TR/2013/NOTE-xmldsig-core2-20130411/#sec-xsdSchema
> ---
> 
> E03: Add schemaLocation to Schema driver file referenced in Section 9.1
> 
> Added: 2015-06-24 fjh
> Accepted: XML Security WG <link call for consensus conclusion>
> Raised: 8 June 2015 (linked to https://lists.w3.org/Archives/Public/public-xmlsec/2015Jun/0000.html )
> Class: informative 
> Affects conformance: No 
> 
> Section 9.1 (XSD schema) includes a  link to the "XML Signature 1.1 Schema Instance" at  http://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/xmldsig11-schema.xsd
> 
> The element containing
> [[
> <import namespace="http://www.w3.org/2000/09/xmldsig#"/>
> ]]
> does not have a schemaLocation.
> 
> Add the following line before the noted import line:
> 
> <include schemaLocation="http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/xmldsig-core-schema.xsd" />
> 
> Note that implementations are able to cache the correct schema file without relying on the schemaLocation. Note that applications should not routinely retrieve the schema using the URL.
> 
> This file is also referenced by the XML Security 2.0 Note, http://www.w3.org/TR/2013/NOTE-xmldsig-core2-20130411/#sec-xsdSchema
> ----
> 
> Please respond to this CfC on the public list by 15 July 2015 (3 weeks) indicating support (a +1 will do) or any concern. Please suggest any required wording changes if needed (and reference the previous list discussion for additional context).
> 
> Although silence will be taken as agreement, given that this group is inactive a positive response is greatly preferred. 
> 
> Thanks
> 
> regards, Frederick
> 
> Frederick Hirsch
> Chair, W3C XML Security WG
> 
> www.fjhirsch.com
> @fjhirsch
> 
> 
> 
Received on Monday, 20 July 2015 18:33:06 UTC

This archive was generated by hypermail 2.3.1 : Monday, 20 July 2015 18:33:06 UTC