XML Protocol comments on Exclusive Canonicalization from Joseph Reagle on 2001-12-18 (w3c-ietf-xmldsig@w3.org from October to December 2001)

From: Joseph Reagle <reagle@w3.org>
Date: Tue, 18 Dec 2001 17:27:49 -0500
To: xmldsig <w3c-ietf-xmldsig@w3.org>
Message-Id: <20011218222749.2783C85F8A@aeon.w3.org>

Forwarded Message

--

Message-Id: <5.1.0.14.0.20011212155352.03849ae8@mailsrv1.mitre.org>
Date: Wed, 12 Dec 2001 17:37:09 -0500
To: <xml-dist-app@w3.org>
From: Paul Denning <pauld@mitre.org>
Subject: Re: XMLE Review: xmlp wg comments to XMLE/Canonicalization WDs

As discussed in the telecon, here is additional comments on Exclusive XML 
Canonicalization [4]:

Add a section 2.3 that uses actual SOAP messages as an example.

Also, section 1.1 terminology, could use examples to illustrate apex node 
and orphan node.

In section 2.2, the 3rd example uses a namespace prefix "ns3", which I 
think should be "n3".  See <ns3:stuff> within <n1:elem2 ....

Section 3, should reinforce that the begins with "One method for 
implementing ..." is non-normative.

I am still collecting my thoughts on other ideas triggered by reading this 
document, but these are more concerned with words we should add to SOAP 1.2 
documents, rather than anything additional for XML Encryption WG 
documents.  For example,

[4] talks about XPath node sets.  How should this be addressed in the SOAP 
data model (Part 2, Section 3)?

Should the binding framework say that binding specs SHOULD address 
canonicalization (and normalization) requirements?

Since canonicalization deals with serialization of XML, as opposed to an 
infoset, and serialization of SOAP infoset is delegated to the binding, how 
do we specify features that talk about canonicalization being done before 
adding a SOAP header block.  Do SOAP specs as currently written imply that 
the binding is the last thing to touch the message (to do serialization of 
an infoset before transmission)? If so, then how does a "module" for DSig 
process the message (after serialization but before transmission)?  It does 
not seem to make sense to talk about canonicalization of an infoset (before 
serialization into XML).

Relation to XML Character Model and processing order.  "Character model 
normalization has been moved out of scope for XML canonicalization." 
[5]  If a resource constrained SOAP node cannot do early uniform 
normalization, can it send the SOAP message to a SOAP Intermediary where a 
set of "Features" are applied in a specific order; i.e., an 
EarlyUniformNormization feature applied before an 
ExclusiveXMLCanonicalization feature.  Do we want to define a "standard" 
feature for processing order; or should we tell XML Encryption WG to define 
it?

[4] http://www.w3.org/TR/2001/WD-xml-exc-c14n-20011120
[5] http://www.w3.org/TR/2001/REC-xml-c14n-20010315#NoCharModelNorm

Paul

-- 

Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Tuesday, 18 December 2001 17:28:31 UTC