OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

dss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Comments on Core Draft 11, 3 Feb 04 (long, resend)

Comments and proposals for Draft 11 of DSS Core, 3 Feb 04.

Line numbers refer to pdf:
http://www.oasis-open.org/apps/org/workgroup/dss/download.php/5292/oasis-dss-1.0-core-spec-wd-11.pdf

(1). I propose we switch from QNames to URLs for consistency and to
avoid various known issues with QNames used as values (e.g.
canonicalization if signed)

 Properties/Identifier, section 3.4.6, line 685-7, schema line 713
 Change from QName to anyURI
 
 (2) I propose we use URL(s) for the dss namespace(s). This has the
advantage that optionally the schema can be retrieved from the URL.
OASIS is defining a standard for defining such persistent URLs, other
TCs like WSS have adopted this approach. 

(3) Editorial comments on overview (section 1.3, line 163)

Might help reader to add subsections:
1.3.1 Signing and Verifying Protocol (before line 163)
1.3.2 XML TimestampToken (break line 197, before First...)
1.3.3 RequesterIdentity XML Element (break line 199, before Second...) 

Update line 180:
bandwidth and protect the privacy of the document content.

(The input documents to be signed or verified can be transferred in
their entirety, or the client can hash the documents itself and only
send the hash values, to save bandwidth and protect the privacy of the
document content. )
 
 Change line 190 from "data to use in verifying" to:
 
 data necessary to verify the signature (such as certificates and
CRLs)...

(4) Since Document and DocumentHash share common document structure, it
might make sense to derive them from a common type, something like
follows:

<xs:complexType name="DocumentBaseType" abstract="true">
        <xs:sequence>
            <xs:element ref="ds:Transforms" minOccurs="0"/> 
        </xs:sequence>
        <xs:attribute name="ID" type="xs:ID" use="optional"/>
        <xs:attribute name="RefURI" type="xs:anyURI" use="optional"/>
        <xs:attribute name="RefType" type="xs:anyURI" use="optional"/>
    </xs:complexType>
</xs:element>

<xs:element name="Document" type="DocumentType" />
<xs:complexType name="DocumentType">
  <xs:complexContent>
    <xs:extension base="DocumentBaseType">
      <xs:choice>
        <xs:element ref="dss:XMLData"/>
        <xs:element ref="dss:Base64Data"/>
      </xs:choice>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>


<xs:element name="DocumentHash" type="DocumentHashType" />
<xs:complexType name="DocumentHashType">
  <xs:complexContent>
    <xs:extension base="DocumentBaseType">
      <xs:sequence>
        <xs:element ref="ds:DigestMethod"/>
        <xs:element ref="ds:DigestValue"/>
      </xs:sequence>
     </xs:extension>
  </xs:complexContent>
</xs:complexType>

(5) Add text to RefURI definition, line 272:
 
 "The RefURI attribute SHOULD be specified, no more than one RefURI
attribute may be omitted in a single signing request."

(6) Add clarification to Document element description before line 291:

"The document hash for signing is created from the element content of
XMLData (i.e. the <XMLData> tags are not included), or from the content
of the <Base64Data> element after it is base64 decoded. "

(yes this reinforces the processing rules here for the reader)

Do we need to say something about spaces in the XMLData element content?

(7) Why can't a SignaturePtr point outside the document and hence have
type anyURI instead of IDREF?
(Schema, line 390)

(8) Editorial - it may make sense to put the non-optional result section
before the optional input sections (e.g 2.8 before 2.6)

(9) Why is resultMajor a string instead of a URI? Seems URI would be
consistent with minorCode and better defined? (schema, line 462)

(10) Editorial
section 2.7.1 ine 428, replace "the client thinks he does" with "the
client expects"

section 2.7.2, same change, line 435

(11) Does it ever make sense to include an embedded policy statement
rather than a policy URI? Probably not.

(12) Editorial, 2.7.3 ClaimedIdentity, change "MUST further" to "MUST"

(13) SignResponse, line 525 section 3.2
Why must a SignResponse not include a SignaturePointer? If such a
pointer used a URI then the client could retrieve the signature later
from a server via HTTPS GET and the URI?

(14) Add to processing rule step 2a at end, line 562:

"A signature MUST NOT be created if more than one RefURI is omitted in
the set of input documents."

(this is explicit in ds:Signature rules, but probably worth making
explicit here)

(15) IntendedAudience, section 3.4.3 line 611

Presumably this does not have the same meaning as a SAML
AudienceRestriction, ie. the signature may be passed to other audiences
later.

(16) SignedReferences processing rule implication is not clear
At 3.4.5 line 638-640, this is not clear. Which second step is referred
to? Is a mixture of SignedReferences and non-SignedReferences possible?

(17) Properties, Value. Can a Property have more than one Value?
Should schema have maxOccurs="1" (line 715)

(18) Editorial, VerifyRequest, section 4.1, line 771

remove "(i.e. deleting the signature)" - the signature isn't actually
deleted, but the signature processing rules must exclude the signature -
this parenthetical might make it more confusing.

(19) Editorial, line 773, replace "A list of" with "The"

(20) Would it make processing of SignaturePtrs easier if InputDocuments
were first in VerifyRequests?

If so, move InputDocuments element first in schema sequence, lines
777-779

(21) Basic Processing, step 3, line 815, it isn't clear how the
transform verification will work if some transforms are added
transparently by a signing server. If the verification is done at a
different server with different rules, how are transforms known other
than trusting the list?

(22) Why aren't ReturnTimestampTime and Output TimestampTime defined in
the Timestamp profile instead of core? Sec 4.5.6, line 971

(23) Clarify that a signature may only be updated by adding unsigned
attributes. Otherwise a new signature must be created to apply the key
to changed content. Section 4.5.8, line 991

(24) Transformed Document line 4.5.9
Might a client want to see the result of applying combinations (1 or
more of the transforms)?

Is use of an index fragile for references - is order always guaranteed?
Should XPath be considered?

Should the result include the Transform(s) used, to confirm correctness
of operation?

(25) 5.1.1 , line 1081, XMLTimeStampToken
Shouldn't Reference for "this document" contain "" for URI? This would
Sign entire XMLTimeStampToken, excluding enveloped signature. Is this
what is wanted and being said here? 

(26), Creation Time ins section 5.1.2, line 1099

Shouldn't we replace "was started" with "completed". Ie time is from
when entire request has been received (effective start) until entire
operation done.

(27) SAML reference should be updated to SAML 1.1, line 1355
http://www.oasis-open.org/committees/download.php/3405/oasis-sstc-saml-
bindings-1.1.pdf


(28) Draft 11 is missing revision history entry

regards,

Frederick

Frederick Hirsch
Nokia

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]