[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: comments on Core Spec WD 17 & xsd
Hi all,
some pseudo-editorial comments to the Core Spec WD 17
- line 353: elements -> attributes (according to xsd)
- line 530: If it's mentioned in 1.d that the children of <DocumentHash>
elements are taken as "output" of this step, the distinctions in 2.d and
2.e don't have to be made.
- line 547: Using C14N: isn't this the default behavior of XMLSig ?
I know the 'user' can override this default, but maybe it should be
mentioned that the default behavior is a MUST for this spec?
- Line 1100: "The <XMLTimeStampToken> element is of type
ds:SignatureType. Using ds:SignatureType allows conventional XML Signature
implementations to validate the signature,"
So a <dss:Timestamp> looks like this:
<Timestamp>
<XMLTimeStampToken Id="ID000010">
<ds:SignedInfo Id="ID000011">
<ds:CanonicalizationMethod Algorithm="aaaaa"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="bbbbb"></ds:SignatureMethod>
etc...
</XMLTimeStampToken>
</Timestamp>
I agree that this looks like an XML DSig an that it can be verified as
if it was on ordinary XML DSig, but I don't know if an
ordinary XMLDSig implementation will be able to verify this, since
the <ds:Signature> element is replaced by <dss:XMLTimeStampToken>
(different element names, different namespace)
- line 1140: creationTime attribute value
-> CreationTime (element) value)
- line 1168: Omitting the URI from a reference. If the TstInfo can have an
ID, why not just refer to it? From the XMLDSig spec:
"If the URI attribute is omitted altogether, the receiving application
is expected to know the identity of the object. For example, a
lightweight data protocol might omit this attribute given the
identity of the object is part of the application context."
I see two inconsistencies:
* this is not a light-weight implementation
* it's not possible to pull the signature through a 'standard'
verification program
- line 1172-1176: tstInfo->TstInfo, policy, errorbound and creationtime
are elements, not attributes
- the .xsd file: I had to change 2 things to load it into XMLSpy:
* The dss namespace declaration:
xmlns:dss="http://www.docs.oasis-open.org/dss/2004/04/oasis-dss-1.0-core-schema-wd-17.xsd";
-> xmlns:dss="urn:oasis:names:tc:dss:1.0:core:schema"
* The SAML namespace import:
schemaLocation="http://www.oasis-open.org/committees/download.php/3407/
oasis-sstc-saml-schema-protocol-1.1.xsd"
-> schemaLocation="http://www.oasis-open.org/committees/download.php/3408/
oasis-sstc-saml-schema-assertionl-1.1.xsd"
(I'm not an expert in these things, so don't ask me why :)
That's it for the moment;
I'm also planning to make some constructive remarks on how to embed
linked-timestamps into DSS. To be continued.
best regards,
Karel Wouters
------------------------------------------------------------------------------------
Katholieke Universiteit Leuven tel. +32 16 32 96 17
Dept. Electrical Engineering-ESAT / COSIC
Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, BELGIUM
http://www.esat.kuleuven.ac.be/cosic
------------------------------------------------------------------------------------
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]