[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: comments on Core Spec WD 17 & xsd
Hi all, some pseudo-editorial comments to the Core Spec WD 17 - line 353: elements -> attributes (according to xsd) - line 530: If it's mentioned in 1.d that the children of <DocumentHash> elements are taken as "output" of this step, the distinctions in 2.d and 2.e don't have to be made. - line 547: Using C14N: isn't this the default behavior of XMLSig ? I know the 'user' can override this default, but maybe it should be mentioned that the default behavior is a MUST for this spec? - Line 1100: "The <XMLTimeStampToken> element is of type ds:SignatureType. Using ds:SignatureType allows conventional XML Signature implementations to validate the signature," So a <dss:Timestamp> looks like this: <Timestamp> <XMLTimeStampToken Id="ID000010"> <ds:SignedInfo Id="ID000011"> <ds:CanonicalizationMethod Algorithm="aaaaa"></ds:CanonicalizationMethod> <ds:SignatureMethod Algorithm="bbbbb"></ds:SignatureMethod> etc... </XMLTimeStampToken> </Timestamp> I agree that this looks like an XML DSig an that it can be verified as if it was on ordinary XML DSig, but I don't know if an ordinary XMLDSig implementation will be able to verify this, since the <ds:Signature> element is replaced by <dss:XMLTimeStampToken> (different element names, different namespace) - line 1140: creationTime attribute value -> CreationTime (element) value) - line 1168: Omitting the URI from a reference. If the TstInfo can have an ID, why not just refer to it? From the XMLDSig spec: "If the URI attribute is omitted altogether, the receiving application is expected to know the identity of the object. For example, a lightweight data protocol might omit this attribute given the identity of the object is part of the application context." I see two inconsistencies: * this is not a light-weight implementation * it's not possible to pull the signature through a 'standard' verification program - line 1172-1176: tstInfo->TstInfo, policy, errorbound and creationtime are elements, not attributes - the .xsd file: I had to change 2 things to load it into XMLSpy: * The dss namespace declaration: xmlns:dss="http://www.docs.oasis-open.org/dss/2004/04/oasis-dss-1.0-core-schema-wd-17.xsd" -> xmlns:dss="urn:oasis:names:tc:dss:1.0:core:schema" * The SAML namespace import: schemaLocation="http://www.oasis-open.org/committees/download.php/3407/ oasis-sstc-saml-schema-protocol-1.1.xsd" -> schemaLocation="http://www.oasis-open.org/committees/download.php/3408/ oasis-sstc-saml-schema-assertionl-1.1.xsd" (I'm not an expert in these things, so don't ask me why :) That's it for the moment; I'm also planning to make some constructive remarks on how to embed linked-timestamps into DSS. To be continued. best regards, Karel Wouters ------------------------------------------------------------------------------------ Katholieke Universiteit Leuven tel. +32 16 32 96 17 Dept. Electrical Engineering-ESAT / COSIC Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, BELGIUM http://www.esat.kuleuven.ac.be/cosic ------------------------------------------------------------------------------------
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]