ISSUE-162: Need to reconcile new 2.0 processing model/transform with legacy Object/Manifest material

Need to reconcile new 2.0 processing model/transform with legacy Object/Manifest material

State:
CLOSED
Product:
XML Signature 2.0
Raised by:
Scott Cantor
Opened on:
2010-01-05
Description:
The old spec includes several features related to unusual wrapping and referencing of content to sign, and this material is inconsistent with the new text on selection.

Will reliable determination of Object element type and encoding be possible under 2.0 Transform?

In XML Signature 1.1 the following discussion is relevant:

http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.htm#sec-Object

specifically, [[ Applications which require normative type and encoding information for signature validation should specify Transforms with well defined resulting types and/or encodings. ]]

The Signature 2.0 will only have one transform, so transforms will typically not be used to determine type and encoding for Object. Another means should be provided, or normative language updated appropriately.
Related Actions Items:
Related emails:
  1. Agenda - Distributed Meeting 2010-07-06 (from Frederick.Hirsch@nokia.com on 2010-07-02)
  2. Agenda - Distributed Meeting 2010-06-29 (from Frederick.Hirsch@nokia.com on 2010-06-28)
  3. draft minutes 2010-05-25 (from tlr@w3.org on 2010-05-27)
  4. Agenda - Distributed Meeting 2010-04-27 (from frederick.hirsch@nokia.com on 2010-04-26)
  5. Draft minutes: XML Security WG 2010-04-20 (from tlr@w3.org on 2010-04-21)
  6. Updated minutes from 2010-03-09 (v2) (from frederick.hirsch@nokia.com on 2010-03-10)
  7. Minutes 2010-03-09 (from frederick.hirsch@nokia.com on 2010-03-09)
  8. Re: Agenda - Distributed Meeting 2010-03-09 (from tlr@w3.org on 2010-03-09)
  9. Agenda - Distributed Meeting 2010-03-09 (from frederick.hirsch@nokia.com on 2010-03-08)
  10. Draft minutes 2010-03-02 (from frederick.hirsch@nokia.com on 2010-03-02)
  11. Agenda - Distributed Meeting 2010-03-02 v2 (from frederick.hirsch@nokia.com on 2010-03-01)
  12. Updated draft minutes from 23 February, for review and approval (from frederick.hirsch@nokia.com on 2010-03-01)
  13. Agenda - Distributed Meeting 2010-03-02 (from frederick.hirsch@nokia.com on 2010-02-25)
  14. new ISSUE-162: signature 2.0, can Object type and encoding be determined reliably? (from frederick.hirsch@nokia.com on 2010-01-05)

Related notes:

Ed noted an explicit issue with the old text mentioning the ability to sign only the content of an Object element, which the new selection model can't do.

http://lists.w3.org/Archives/Public/public-xmlsec/2010Apr/0032.html
(item 7)

Scott Cantor, 20 Apr 2010, 15:44:58

New text in 2.0 document, http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/#sec-Object :

Applications that require normative type and encoding information for signature validation should specify the Type and possibly SubType in the Selection element ("2.0 mode") or specify Transforms with well defined resulting types and/or encodings ("compatibility mode").


Frederick Hirsch, 2 Jul 2010, 15:42:38

Display change log ATOM feed


Chair, Staff Contact
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 162.html,v 1.1 2017/01/10 16:24:44 carine Exp $