Subject: Re: Proposed errata for XML Signature references
The following explicitly diffs the original recommendation against the second edition:

http://www.w3.org/2007/10/htmldiff?doc1=http%3A%2F%2Fwww.w3.org%2FTR%2F2002%2FREC-xmldsig-core-20020212%2F&doc2=http%3A%2F%2Fwww.w3.org%2FTR%2F2008%2FREC-xmldsig-core-20080610%2F

(pink/green change, where pink is deleted, green is new, yellow new)

regards, Frederick

Frederick Hirsch
Nokia

On Aug 26, 2008, at 3:36 PM, Frederick Hirsch wrote:

> I propose we reference XML Signature, Second Edition [1] in new
> specifications produced by the SSTC, including those that have not
> yet become OASIS Standard. I also propose corresponding errata
> items for SAML 2.0, below.
>
> The Second Edition of XML Signature is not a new version of XML
> Signature and does not change the namespace for XML Signature, nor
> does it introduce breaking changes. For this reason I believe we
> should be able to update SAML references to refer to it.
>
> This edition of XML Signature does incorporate errata, update RFC
> references, clarify text and introduce the new Canonical XML
> Version 1.1 algorithm [2] as a required algorithm. Since uses of
> XML Signature may specify the algorithms used, SAML instances may
> continue to specify Canonical XML 1.0, though it would be
> preferable if Canonical XML 1.1 support were introduced and used. I
> believe the benefits of referencing the Second Edition warrant
> approving an errata item.
>
> Canonical XML 1.1 addresses issues related to inheritance of
> attributes in the XML namespace when canonicalizing document
> subsets, including the requirement not to inherit xml:id, and to
> treat xml:base URI path processing properly.
>
> A summary of changes in XML Signature Second Edition is available
> at [3].
>
> Note that changing the reference in the SAML Conformance document
> does not change the algorithms explicitly called out in that
> document, though we may wish to discuss requiring Canonical XML
> 1.1. I have not included that in this proposal.
>
> The Second Edition was not a joint IETF-W3C effort even though the
> first edition was. There is work underway to produce a new RFC
> corresponding to the Second Edition, but I propose SAML 2.0 only
> reference the Second Edition Recommendation for the sake of clarity
> of having a single reference. In addition the Recommendation is
> listed under normative references while the RFC is listed under
> informative references. The RFC is also referenced only in SAML
> core while the Rec is referenced throughout the SAML 2.0
> specification set (as noted in the proposed errata below).
>
> Thus I specifically propose the following two errata to be added to
> the errata document (once approved), as well as two new normative
> references [4]:
>
> (1) Add additional normative references to Section 1.1 of the
> Errata document:
>
> [SAMLAuthnCxt] J. Kemp et al. Authentication Context for the OASIS
> Security Assertion Markup Language (SAML) V2.0. OASIS SSTC, March
> 2005. Document ID saml-authn-context-2.0-os. See
> http://www.oasis-open.org/committees/security/.
>
> [SAMLSecure] F. Hirsch et al. Security and Privacy Considerations
> for the OASIS Security Assertion Markup Language (SAML) V2.0. OASIS
> SSTC, March 2005. Document ID saml-sec-consider-2.0-os. See
> http://www.oasis-open.org/committees/security/.
>
> ----
> E64: Update XML Signature references to XML Signature, Second Edition
>
> Change [SAMLCore] Section 9.1 at lines 3415-3416, [SAMLProf]
> Section 9 at lines 2205-2206, [SAMLAuthnCxt] Section 4 at lines
> 3926-3928, [SAMLConf] Section 6 at lines 410-412, [SAMLSecure] at
> lines 1078-1079 to replace a reference to XML Signature with the
> updated XML Signature, Second Edition reference, as follows:
>
> Original text:
> D. Eastlake et al. XML-Signature Syntax and Processing. World Wide Web
> Consortium, February 2002.
>
> New text:
> D. Eastlake et al. XML Signature Syntax and Processing, Second
> Edition. World Wide Web
> Consortium, June 2008.
>
> ----
> E65: Remove XML Signature RFC reference:
>
> Change [SAMLCore] Section 9.2 at lines 3439-3440 to remove the
> following reference:
>
> [RFC 3075] D. Eastlake, J. Reagle, D. Solo. XML-Signature Syntax
> and Processing. IETF
> RFC 3075, March 2001. See http://www.ietf.org/rfc/rfc3075.txt.
>
> ---
>
> regards, Frederick
>
> Frederick Hirsch
> Nokia
>
> [1] http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/
>
> [2] http://www.w3.org/TR/xml-c14n11/
>
> [3] http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/explain
>
> [4] http://docs.oasis-open.org/security/saml/v2.0/sstc-saml-approved-errata-2.0.pdf