ISSUE-43: Improvements to XML Signature schema

Improvements to XML Signature schema

State:
CLOSED
Product:
XML Signature 2.0
Raised by:
Scott Cantor
Opened on:
2008-07-29
Description:
Related Actions Items:
Related emails:
  1. Agenda - Distributed Meeting 2010-12-07 (from Frederick.Hirsch@nokia.com on 2010-12-06)
  2. Agenda - Distributed Meeting 2010-11-30 (from Frederick.Hirsch@nokia.com on 2010-11-30)
  3. Regrets for Distributed Meeting 2010-11-16 (v2) (from edsimon@xmlsec.com on 2010-11-15)
  4. Agenda - Distributed Meeting 2010-11-16 (v2) (from Frederick.Hirsch@nokia.com on 2010-11-15)
  5. Agenda - Distributed Meeting 2010-11-16 (from Frederick.Hirsch@nokia.com on 2010-11-12)
  6. F2F Agenda (v2) 1-2 November 2010 (from Frederick.Hirsch@nokia.com on 2010-10-26)
  7. Agenda - Distributed Meeting 2010-10-26 (from Frederick.Hirsch@nokia.com on 2010-10-25)
  8. Agenda - Distributed Meeting 2010-09-07 (v2) (from Frederick.Hirsch@nokia.com on 2010-09-07)
  9. Agenda - Distributed Meeting 2010-09-07 (from Frederick.Hirsch@nokia.com on 2010-09-02)
  10. Agenda - Distributed Meeting 2010-08-31 (from Frederick.Hirsch@nokia.com on 2010-08-30)
  11. RE: ACTION-543: Make proposals for the last two points noted in ISSUE-43 comments (from pratik.datta@oracle.com on 2010-06-07)
  12. RE: ACTION-543: Make proposals for the last two points noted in ISSUE-43 comments (from pratik.datta@oracle.com on 2010-06-02)
  13. Draft minutes from 6/1/10 call (from cantor.2@osu.edu on 2010-06-01)
  14. RE: ACTION-543: Make proposals for the last two points noted in ISSUE-43 comments (from cantor.2@osu.edu on 2010-06-01)
  15. RE: ACTION-543: Make proposals for the last two points noted in ISSUE-43 comments (from pratik.datta@oracle.com on 2010-06-01)
  16. Agenda - Distributed Meeting 2010-06-01 (from Frederick.Hirsch@nokia.com on 2010-06-01)
  17. draft minutes 2010-05-25 (from tlr@w3.org on 2010-05-27)
  18. ACTION-543: Make proposals for the last two points noted in ISSUE-43 comments (from cantor.2@osu.edu on 2010-05-25)
  19. Updated minutes from 2010-03-09 (v2) (from frederick.hirsch@nokia.com on 2010-03-10)
  20. Minutes 2010-03-09 (from frederick.hirsch@nokia.com on 2010-03-09)
  21. Re: Agenda - Distributed Meeting 2010-03-09 (from tlr@w3.org on 2010-03-09)
  22. Agenda - Distributed Meeting 2010-03-09 (from frederick.hirsch@nokia.com on 2010-03-08)
  23. Agenda - Distributed Meeting 2010-03-02 v2 (from frederick.hirsch@nokia.com on 2010-03-01)
  24. Updated draft minutes from 23 February, for review and approval (from frederick.hirsch@nokia.com on 2010-03-01)
  25. Agenda - Distributed Meeting 2010-03-02 (from frederick.hirsch@nokia.com on 2010-02-25)
  26. Updated F2F Minutes for Review and Approval (from frederick.hirsch@nokia.com on 2009-11-19)
  27. Agenda: Distributed meeting 2008-12-02 v3 (from frederick.hirsch@nokia.com on 2008-12-02)
  28. Agenda: Distributed meeting 2008-12-02 v2 (from frederick.hirsch@nokia.com on 2008-12-01)
  29. Agenda: Distributed meeting 2008-12-02 (from frederick.hirsch@nokia.com on 2008-11-21)
  30. Agenda: Distributed meeting 2008-11-04 v2 (from frederick.hirsch@nokia.com on 2008-11-03)
  31. Agenda: Distributed meeting 2008-11-04 (from frederick.hirsch@nokia.com on 2008-10-31)
  32. Meeting record: 2008-07-29 (from tlr@w3.org on 2008-08-12)
  33. Draft minutes for Jul 29 meeting (from cantor.2@osu.edu on 2008-07-31)

Related notes:

XMLSig schema erroneously types the SerialNumber as a number and not a string. Large serial numbers,
such as OpenSSL generates, blow through the numeric limits of common parsers. (from Scott on another list)

Frederick Hirsch, 19 Nov 2008, 22:12:59

follow up with review of Scott's notes and editorial actions

http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0049.html

Frederick Hirsch, 6 Apr 2009, 13:37:57

The plan is for XML Signature 2.0 to remain schema-compatible with 1.x, which limits the ability to easily correct many of the issues raised.

The missing IDs have been addressed by creating a new alternative to RetrievalMethod (KeyInfoReference) that doesn't need to point to KeyInfo children.

The Key representation suggestions were largely adopted in 1.1.

The problem with mixed content models really can't be fixed at this point, but we could choose to include normative "SHOULD NOT" language around some of the elements.

Finally, the X509IssuerSerial problem is severe enough that we might choose to address it. We could do so by non-normatively suggesting that implementations relying on schema validation use a modified schema that re-types the serial number as a string, or we could define a new child element in place of the original. It seems like for most implementations the modified schema approach would be sufficient and cause the least trouble.

Scott Cantor, 23 Feb 2010, 16:19:27

[fjh]: remaining action is for mixed content, also IssueSerial

7 Sep 2010, 14:58:33

There's text in 2.0 that rules out mixed content, so that completes the last of these issues.

Scott Cantor, 23 Nov 2010, 01:38:56

Display change log ATOM feed

Chair, Staff Contact
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 43.html,v 1.1 2017/01/10 16:24:52 carine Exp $