OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: NEW ISSUE: Update XML Signature references to refer to XML Signature, Second Edition, update c14n reference in ws-trust

PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON THREAD UNTIL  
THE ISSUE IS ASSIGNED A NUMBER.

The issues coordinators will notify the list when that has occurred.

Protocol:  ws-trust,  ws-sc,  ws-sp

http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.pdf

http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/ws- 
secureconversation-1.3-os.pdf

http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws- 
securitypolicy-1.2-spec-os.pdf

Artifact:  spec

Type: editorial

Title: Update XML Signature references to refer to XML Signature,  
Second Edition; update XML canonicalization reference to Canonical  
XML 1.1

Description:

The Second Edition of XML Signature [1] is not a new version of XML  
Signature and does not change the namespace for XML Signature, nor  
does it introduce breaking changes.  For this reason I believe we  
should be able to update all WS-SX references to refer to it.

This edition of XML Signature does incorporate errata, update RFC  
references, clarify text and introduce the new Canonical XML Version  
1.1  algorithm [2] as a required algorithm. Since uses of XML  
Signature may specify the algorithms used, SAML instances may  
continue to specify Canonical XML 1.0, though it would be preferable  
if Canonical XML 1.1 support were introduced and used.

Canonical XML 1.1 addresses issues related to inheritance of  
attributes in the XML namespace when canonicalizing document subsets,  
including the requirement not to inherit xml:id, and to treat  
xml:base URI path processing properly.

A summary of changes in XML Signature Second Edition is available at  
[3], and a redline at [4].

[1] http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/

[2] http://www.w3.org/TR/xml-c14n11/

[3] http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/explain

[4] http://www.w3.org/2008/xmlsec/xmlsec-redline.html


Related issues: none


Proposed Resolution:

Add errata for WS-Trust 1.3 Section 1.6  lines 189-191; WS- 
SecureConversation 1.3  Section 1.6 lines 161-163; and WS- 
SecurityPolicy  1.2 Section 1.5 lines 252-254  to replace a reference  
to XML Signature with the updated XML Signature, Second Edition  
reference, as follows

Original text:
[XML-Signature] W3C Recommendation, "XML-Signature Syntax and  
Processing", 12 February 2002.
http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/

New text:
[XML-Signature] W3C Recommendation, D. Eastlake et al. XML Signature  
Syntax and Processing (Second Edition). 10 June 2008. http:// 
www.w3.org/TR/2008/REC-xmldsig-core-20080610/

In addition, add errata for WS-Trust 1.3 Section 1.6  lines 178-179;

Original text:
[XML-C14N] W3C Recommendation, "Canonical XML Version 1.0", 15 March  
2001. http://www.w3.org/TR/2001/REC-xml-c14n-20010315

New text:
[XML-C14N] W3C Recommendation, "Canonical XML Version 1.1",  2 May  
2008. hhttp://www.w3.org/TR/2008/REC-xml-c14n11-20080502/

regards, Frederick

Frederick Hirsch
Nokia

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]