Future work on XML Signature from Thomas Roessler on 2006-09-18 (w3c-ietf-xmldsig@w3.org from July to September 2006)

From: Thomas Roessler <tlr@w3.org>
Date: Mon, 18 Sep 2006 18:31:52 +0200
To: w3c-ietf-xmldsig@w3.org
Message-ID: <20060918163151.GO2766@raktajino.does-not-exist.org>
Hello,

for your information, we're working on a charter for a W3C Working
Group that would have the task to specifically sort out the xml:id
mess in XML Signature (by making C14N 1.1 the mandatory to implement
algorithm, and essentially making the changes described in the
dsig-usage note), and to fix the Decryption transform for XML
Signature by making similar changes.

The expectation is that this charter would limit the
conformance-affecting changes that the group can make to those that
are demonstrated to be necessary to sort out the immediate problem.

To make the work less dull, the group will also have the mandate to
write a draft charter for broader follow-up work, and to identify
issues that need to be addressed.

We intend to have the version of XML Signature and Processing that
this group would produce submitted to the IETF for publication as an
RFC; the mechanics of that are presently being discussed.

Feed-back on the overall approach would be most welcome.

Regards,
-- 
Thomas Roessler, W3C   <tlr@w3.org>






On 2006-09-15 18:28:09 +0200, Jose Kahan wrote:
> From: Jose Kahan <jose.kahan@w3.org>
> To: w3c-ietf-xmldsig@w3.org
> Date: Fri, 15 Sep 2006 18:28:09 +0200
> Subject: [FYI] Transition announcement: First Public Working Draft of
> 	C14N 1.1 and two WG Notes
> Reply-To: jose.kahan@w3.org
> List-Id: <w3c-ietf-xmldsig.w3.org>
> X-Spam-Level: 
> X-Archived-At:
> 	http://www.w3.org/mid/20060915162809.GF29096@rakahanga.inrialpes.fr
> 
> FYI.
> 
> All feedback is welcome at the mailing lists that are given in those
> documents.
> 
> Thanks!
> 
> -jose

> From: "Grosso, Paul" <pgrosso@ptc.com>
> To: chairs@w3.org, w3t-comm@w3.org
> Cc: public-xml-core-wg@w3.org
> Date: Fri, 15 Sep 2006 12:14:04 -0400
> Subject: Transition announcement: First Public Working Draft of C14N 1.1
> 	and two WG Notes
> List-Id: <public-xml-core-wg.w3.org>
> X-Archived-At:
> 	http://www.w3.org/mid/CF83BAA719FD2C439D25CBB1C9D1D30204ABFCD3@HQ-MAIL4.ptcnet.ptc.com
> 
> 
> 
> The XML Core WG announces the initial publication of 
> the following three C14N related documents and welcomes
> review from all interested parties:
> 
> Known Issues with Canonical XML 1.0 (C14N/1.0)
> W3C Working Draft 15 September 2006
> 
> This version:
>      http://www.w3.org/TR/2006/WD-C14N-issues-20060915/
> Latest version:
>      http://www.w3.org/TR/C14N-issues/
> 
> [This will become a WG Note.]
> ---
> 
> Using XML Digital Signatures in the 2006 XML Environment
> W3C Working Draft 15 September 2006
> 
> This version:
>      http://www.w3.org/TR/2006/WD-DSig-usage-20060915/
> Latest version:
>      http://www.w3.org/TR/DSig-usage/
> 
> [This will become a WG Note.]
> 
> ---
> 
> Canonical XML1.1
> W3C Working Draft 15 September 2006
> 
> This version:
>      http://www.w3.org/TR/2006/WD-xml-c14n11-20060915
> Latest version:
>      http://www.w3.org/TR/xml-c14n11
> 
> [This is a Recommendation-track specification.]
> 
> ==========================================================
> 
> The document abstracts and status sections are as follows:
> 
> WG Note: Known Issues with Canonical XML 1.0 (C14N/1.0)
> -------------------------------------------------------
> 
> Abstract
> --------
> This technical note addresses some of the issues related
> to inheritance of the XML attributes xml:base and xml:id 
> and the W3C Recommendation for Canonical XML Version 1.0 
> [C14N10] (Errata). Shortcomings of C14N/1.0 are noted out 
> and the use of a new C14N/1.1 recommendation with the XML 
> Digital Signature 1.0 Recommendation [XMLDSIG] is discussed. 
> 
> Status
> ------
> This section describes the status of this document at the 
> time of its publication. Other documents may supersede this 
> document. A list of current W3C publications and the latest 
> revision of this technical report can be found in the W3C 
> technical reports index at http://www.w3.org/TR/.
> 
> This is the W3C First Public Working Draft of "Known Issues 
> with Canonical XML 1.0 (C14N/1.0)", produced by the XML Core 
> Working Group, as part of the XML Activity. A companion note, 
> "XML Digital Signatures in the 2006 XML Environment" [XMLDSIG2006], 
> describes in further detail how a revised canonicalization 
> algorithm (C14N/1.1 or other) may be used with the current 
> XML-SIG/1.0 Specification.
> 
> Once all the comments about this document will have been 
> addressed, the Working Group intends to publish a final 
> version of this document as a W3C Working Group Note.
> 
> Please send comments related to this document to 
> www-xml-canonicalization-comments@w3.org (public archive).
> 
> Publication as a Working Draft does not imply endorsement 
> by the W3C Membership. This is a draft document and may be 
> updated, replaced or obsoleted by other documents at any 
> time. It is inappropriate to cite this document as other 
> than work in progress.
> 
> This document was produced by a group operating under the 
> 5 February 2004 W3C Patent Policy. This document is informative 
> only. W3C maintains a public list of any patent disclosures 
> made in connection with the deliverables of the group; that 
> page also includes instructions for disclosing a patent. An 
> individual who has actual knowledge of a patent which the 
> individual believes contains Essential Claim(s) must disclose 
> the information in accordance with section 6 of the W3C Patent Policy.
> 
> WG Note: Using XML Digital Signatures in the 2006 XML Environment
> -----------------------------------------------------------------
> 
> Abstract
> --------
> This technical note describes how to use the XML Digital 
> Signature Recommendation [XMLDSIG] in a way consistent with 
> the present (fall 2006) XML environment. In particular, this 
> note takes into account the recent xml:id Version 1.0 [XMLID] 
> and Canonical XML Version 1.1 [C14N11] Recommendations.
> 
> This note suggests constraints on the use of XML Signature, 
> and relies on extension points present in the XML Digital 
> Signature Recommendation. This note does not override any 
> aspect of that Recommendation.
> 
> Status
> ------
> This section describes the status of this document at the time 
> of its publication. Other documents may supersede this document. 
> A list of current W3C publications and the latest revision of this 
> technical report can be found in the W3C technical reports index 
> at http://www.w3.org/TR/.
> 
> This is the W3C First Public Working Draft of "XML Signatures in 
> the 2006 XML Environment", produced by the XML Core Working Group, 
> as part of the XML Activity. A companion note, "Known Issues with 
> Canonical XML 1.0 (C14N/1.0)" [C14NNOTE], discusses in detail some 
> of the issues related to the inheritance of certain XML attributes 
> and the Canonical XML Recommendation 1.0 [C14N10]. 
> 
> Once all the comments about this document will have been addressed, 
> the Working Group intends to publish a final version of this document 
> as a W3C Working Group Note.
> 
> Please send comments related to this document to 
> www-xml-canonicalization-comments@w3.org (public archive).
> 
> Publication as a Working Draft does not imply endorsement by the 
> W3C Membership. This is a draft document and may be updated, replaced 
> or obsoleted by other documents at any time. It is inappropriate to 
> cite this document as other than work in progress.
> 
> This document was produced by a group operating under the 
> 5 February 2004 W3C Patent Policy. This document is informative only. 
> W3C maintains a public list of any patent disclosures made in connection
> with the deliverables of the group; that page also includes instructions
> for disclosing a patent. An individual who has actual knowledge of a 
> patent which the individual believes contains Essential Claim(s) must 
> disclose the information in accordance with section 6 of the W3C Patent 
> Policy.
> 
> 
> First WD: Canonical XML 1.1
> ---------------------------
> 
> Abstract
> --------
> Canonical XML 1.1 is a revision to Canonical XML 1.0 to address 
> issues raised while producing the xml:id specification.
> 
> Any XML document is part of a set of XML documents that are logically 
> equivalent within an application context, but which vary in physical 
> representation based on syntactic changes permitted by XML 1.0 [XML] 
> and Namespaces in XML [Names]. This specification describes a method 
> for generating a physical representation, the canonical form, of an 
> XML document that accounts for the permissible changes. Except for 
> limitations regarding a few unusual cases, if two documents have the 
> same canonical form, then the two documents are logically equivalent 
> within the given application context. Note that two documents may 
> have differing canonical forms yet still be equivalent in a given 
> context based on application-specific equivalence rules for which 
> no generalized XML specification could account.
> 
> Status
> ------
> This section describes the status of this document at the time 
> of its publication. Other documents may supersede this document. 
> A list of current W3C publications and the latest revision of this 
> technical report can be found in the W3C technical reports index 
> at http://www.w3.org/TR/.
> 
> This is a First Public Working Draft of Canonical XML 1.1. 
> This diff-marked version is being made available for review 
> by W3C members and the public. It is intended to give an 
> indication of the W3C XML Core Working Group's intentions 
> for this new version of Canonical XML and our progress in 
> achieving them. It attempts to be complete in indicating 
> what will change from version 1.0, but does not specify in 
> all cases how things will change. A subsequent Last Call 
> draft will consist of a regular, non-diff-marked version 
> of this specification.
> 
> Please send comments on this Working Draft to 
> www-xml-canonicalization-comments@w3.org (archive).
> 
> Publication as a Working Draft does not imply endorsement by the W3C 
> Membership. This is a draft document and may be updated, replaced or 
> obsoleted by other documents at any time. It is inappropriate to cite 
> this document as other than work in progress.
> 
> This document has been produced by the W3C XML Core Working Group as 
> part of the W3C XML Activity. The authors of this document are the 
> members of the XML Core Working Group and invited experts from the 
> Digital Signature community.
> 
> This document was produced by a group operating under the 
> 5 February 2004 W3C Patent Policy. W3C maintains a public 
> list of any patent disclosures made in connection with the 
> deliverables of the group; that page also includes instructions 
> for disclosing a patent. An individual who has actual knowledge 
> of a patent which the individual believes contains Essential 
> Claim(s) must disclose the information in accordance with 
> section 6 of the W3C Patent Policy.
> 
> The English version of this specification is the only normative version.
> 
> 
> Paul Grosso for the XML Core WG
> 
>
Received on Monday, 18 September 2006 16:32:05 UTC