OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

dss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: FW: Way forward on issues

Dear All,

Our objective is top clear off all the issues as much as possible at
Monday's conference call, and by the end of next week at the latest so that
Stefan call produce a revised Core for completion in July.  In order to meet
this objective Stefan, Juan Carlos and I consider the following resolutions
best respresent the current consensus on the outstanding issues.

Nick

(Note see also Comments document:
http://www.oasis-open.org/apps/org/workgroup/dss/download.php/12641/oasis-ds
s-1.0-comments-track-wd-02-dl-20050515.doc
)

> - Enveloping signatures

Core only supports transformations done at server end.  Handling enveloping
for other use cases may be defined in future profiles.

> - Namespace inheritance

The core supports use cases where either:
a) all transformations required fopr signature, including canonicalization,
are done at the client end,
b) all transformations required for the signature are applied at the server
end.

Future profiles may define procedures for other use cases for some
transformations done in the client and some in the server.

> 2.1 XMLData encoding issue

The core defines use of base64 for encoding binary documents, and use of
either:
    Escaped XML or Base64 for XMLData

Note: In the situation where the client applies transformations, including
Canonicalization, to XML then it is recommended that Base64 is used,
otherwise Escaped XML should be used.

(JC - I thought of the use case that would make Base64 encoding of XML a
good idea as above)

> 2.2 Exclusive canonicalisation

By default where server is not applying transforms other than "normal"
canonicalization then after extracting the XML document from the DSS
protocol envelope, without taking inherited namespaces and attributes,
standard (c14n) canicalization is applied.  In situations where the server
is applying other transforms then the server shall apply the appropriate
form of canonicalization and indicate the transforms applied, including
canonicalization if necessary, in the DS:SignedInfo.

> 2.3 Unique Particle attribution

Use solution 1 in comments tracking document (This is in line with XMLDSig)

> 2.4 Ambiguity in section 3.5.8

Provide text describing enveloping in line with decision above under
enveloping

> 2.5 XPath expression's comment

Update as proposed by Konrad (see line 205 of comments document)

> 2.9 Document vs. Signature Validation

No change to the core.  A simplified subset of the core may be defined in
future profile(s).

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]