Re: XMLE Review: xmlp wg comments to XMLE/Canonicalization WDs from Paul Denning on 2001-12-12 (xml-dist-app@w3.org from December 2001)

From: Paul Denning <pauld@mitre.org>
Date: Wed, 12 Dec 2001 17:37:09 -0500
To: <xml-dist-app@w3.org>
Message-Id: <5.1.0.14.0.20011212155352.03849ae8@mailsrv1.mitre.org>
As discussed in the telecon, here is additional comments on Exclusive XML 
Canonicalization [4]:

Add a section 2.3 that uses actual SOAP messages as an example.

Also, section 1.1 terminology, could use examples to illustrate apex node 
and orphan node.

In section 2.2, the 3rd example uses a namespace prefix "ns3", which I 
think should be "n3".  See <ns3:stuff> within <n1:elem2 ....

Section 3, should reinforce that the begins with "One method for 
implementing ..." is non-normative.


I am still collecting my thoughts on other ideas triggered by reading this 
document, but these are more concerned with words we should add to SOAP 1.2 
documents, rather than anything additional for XML Encryption WG 
documents.  For example,

[4] talks about XPath node sets.  How should this be addressed in the SOAP 
data model (Part 2, Section 3)?

Should the binding framework say that binding specs SHOULD address 
canonicalization (and normalization) requirements?

Since canonicalization deals with serialization of XML, as opposed to an 
infoset, and serialization of SOAP infoset is delegated to the binding, how 
do we specify features that talk about canonicalization being done before 
adding a SOAP header block.  Do SOAP specs as currently written imply that 
the binding is the last thing to touch the message (to do serialization of 
an infoset before transmission)? If so, then how does a "module" for DSig 
process the message (after serialization but before transmission)?  It does 
not seem to make sense to talk about canonicalization of an infoset (before 
serialization into XML).

Relation to XML Character Model and processing order.  "Character model 
normalization has been moved out of scope for XML canonicalization." 
[5]  If a resource constrained SOAP node cannot do early uniform 
normalization, can it send the SOAP message to a SOAP Intermediary where a 
set of "Features" are applied in a specific order; i.e., an 
EarlyUniformNormization feature applied before an 
ExclusiveXMLCanonicalization feature.  Do we want to define a "standard" 
feature for processing order; or should we tell XML Encryption WG to define 
it?

[4] http://www.w3.org/TR/2001/WD-xml-exc-c14n-20011120
[5] http://www.w3.org/TR/2001/REC-xml-c14n-20010315#NoCharModelNorm

Paul

At 03:53 PM 2001-12-07, David Orchard wrote:
>I'd like to gather comments from xmlp members for the XMLE[1] and
>canonicalization WD[2]
>
>My comments from July[3], and I believe are still not addressed.  My
>comments are around the usage scenarios of SOAP with XMLE, and the
>processing model under validation and transformation.  Because XMLE provides
>a schema, it presumably must be used by an XML Schema validator.  But there
>is no treatment for how a document author of the unencrypted content or
>schema should use the XMLE schema - especially given that XMLE content will
>be inside SOAP elements.
>
>In general, my comments are not SOAP specific.  The same questions arise
>when retrieving a document with XMLE content whether it be SOAP or foo
>encoded.  I suggest that the XMLE group should provide documentation that
>describes the expected processing and validation model for documents
>containing XMLE content.  While section 4 of [1] describes detailed element
>processing, perhaps a new section describing message/document processing
>would be useful, eg. "4.4 Complete message processing model".  I'm not sure
>whether it should be normative or non-normative, though I lean to
>non-normative.  Perhaps another option - though I'm not in favour of it -
>would be to have a separate document published by XMLE on the topic.
>
>If it is true that encyrption of portions of SOAP messgaes are a primary
>justification for XMLE then it seems fairly important to have at least
>described the overall processing model and how it works for SOAP messages.
>I suggest that treatment of an enrypted and/or signed SOAP header would be a
>sufficient usage scenario that would satisfy other non-soap applications.
>
>This would certainly help for groups that have publicly stated intensions of
>use SOAP and XMLE, such as OASIS SAML.
>
>Cheers,
>Dave
>
>[1] http://lists.w3.org/Archives/Member/chairs/2001OctDec/0014.html
>[2] http://lists.w3.org/Archives/Member/chairs/2001OctDec/0034.html
>[3] http://lists.w3.org/Archives/Public/xml-encryption/2001Jul/0019.html
Received on Wednesday, 12 December 2001 17:37:44 UTC