Re: [xacml-comment] Signature profile

[Anne Anderson <Anne.Anderson@sun.com>]

Hi Frederic,

Only 2.1 (recommendation to use SAML as the envelope around XACML 
artifacts to be signed) is normative.  Neither 2.2 (Canonicalization) 
nor 2.3 (handling of schemas related to signing operations) is normative.

This profile is intended to guide those who need to make use of signed 
XACML artifacts toward an acceptable solution, although it does not try 
to specify a complete solution itself.  The XACML TC is primarily 
relying on other groups to specify requirements for robust signature 
operations, as these are common to many payloads, and not just XACML 
artifacts.  Due to the current lack of such a specification, this 
profile mentions various considerations that are important, but it is 
not intended to override or substitute for any normative specification 
by another group such as the SSTC that may more properly deal with 
payload signatures in a general way.  I have been surprised that there 
has not been more activity in this area driven by interoperability needs.

I personally found the reference [ScC14N] (Schema Centric XML 
Canonicalization), while it is currently a Committee Specification and 
not an OASIS Standard, to be helpful in addressing various requirements 
for robust signature operations.

Regards,
Anne

Frederic Deleon wrote:

> Hi,
> 
> I would like to know exactly which part of XML Digital Signature profile 
> of XACML is normative?
> Paragraph 2.1 is tagged as normative section. But what is about 2.2 and 
> 2.3? Are they normative too?
> 
> Frederic Deléon
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: xacml-comment-unsubscribe@lists.oasis-open.org
> For additional commands, e-mail: xacml-comment-help@lists.oasis-open.org
> 

-- 
Anne H. Anderson               Anne.Anderson@sun.com
Sun Microsystems Labs          1-781-442-0928
Burlington, MA USA