OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

dss-x-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: PR Comments for Profile for Comprehensive Multi-signature Verification Reports for OASIS Digital Signature Services Version 1.0

Here are my review comments acting in an  individual capacity as an OAIS TAB member.

Comments w.r.t http://docs.oasis-open.org/dss-x/profiles/verificationreport/oasis-dssx-1.0-profiles-vr-cd01.pdf 

In general a well written specification, although I would have like to have seen an overview of the profiles, before launching into
the detailed schema definitions in section 3. Something that provides an abstract description of the schema and processing rules
would help understand section 3 a bit easier. However, since this probably exists or is obvious from the Core DSS spec it is
profiling, I can live without it.

Cover Page: I blame Mary for not spotting this, but the cover page should at least say it is Public Review Draft 01! Also shouldn't
the declared namespace point to a RDDL document?

Line 4:  A namespace prefix is required for <VerifyRequest> since I don't think it is from this spec.

Line 11:  RFC2119 does not make a distinction of uppercase or lower case therefore the statement "When these words are not
capitalized, they are meant in their natural-language sense." is in violation of RFC2119 and against OASIS guidelines. In TCs that I
have participated in, we have generally found the words "can" "can not" a reasonable substitute for "MUST" "MUST NOT".
The OASIS Guidelines are at: http://docs.oasis-open.org/templates/TCHandbook/ConformanceGuidelines.html 

Line 82:" If a future version of this specification is needed, it will use a different namespace." It is not necessary to make this
statement now! I suggest removing this sentence and let a future spec worry about it.
Line 114: according to OASIS Conformance Guidelines, use MUST instead of SHALL. There is one more occurrence line 983 (lowercase
shall), so see comment for line 11.

Line 1719: Conformance. 
1) There is no statement  that in order to comply with the spec that the  Basic profile MUST at least be supported - it's implied
but not said.
2) Line 1734 says "Advanced" yet line 1733 says "Comprehensive" .
3) It's not clear to me what the conformance target is i.e. to what are these rules aimed at? Is it a DSS protocol engine or what?
This may or may not be define in the core DSS spec but a definition here would help.

Martin Chapman | Standards Professional
Mobile: +353 87 687 6654 

ORACLE Ireland 
 "Please consider your environmental responsibility before printing this e-mail" 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]