ISSUE-43: Improvements to XML Signature schema
Improvements to XML Signature schema
- State:
- CLOSED
- Product:
- XML Signature 2.0
- Raised by:
- Scott Cantor
- Opened on:
- 2008-07-29
- Description:
- Related Actions Items:
ACTION-24 on Scott Cantor to Review schema for improvements - due 2008-11-30, closedACTION-543 on Scott Cantor to Make proposals for the last two points noted in ISSUE-43 comments - due 2010-06-01, closed- Related emails:
- Agenda - Distributed Meeting 2010-12-07 (from Frederick.Hirsch@nokia.com on 2010-12-06)
- Agenda - Distributed Meeting 2010-11-30 (from Frederick.Hirsch@nokia.com on 2010-11-30)
- Regrets for Distributed Meeting 2010-11-16 (v2) (from edsimon@xmlsec.com on 2010-11-15)
- Agenda - Distributed Meeting 2010-11-16 (v2) (from Frederick.Hirsch@nokia.com on 2010-11-15)
- Agenda - Distributed Meeting 2010-11-16 (from Frederick.Hirsch@nokia.com on 2010-11-12)
- F2F Agenda (v2) 1-2 November 2010 (from Frederick.Hirsch@nokia.com on 2010-10-26)
- Agenda - Distributed Meeting 2010-10-26 (from Frederick.Hirsch@nokia.com on 2010-10-25)
- Agenda - Distributed Meeting 2010-09-07 (v2) (from Frederick.Hirsch@nokia.com on 2010-09-07)
- Agenda - Distributed Meeting 2010-09-07 (from Frederick.Hirsch@nokia.com on 2010-09-02)
- Agenda - Distributed Meeting 2010-08-31 (from Frederick.Hirsch@nokia.com on 2010-08-30)
- RE: ACTION-543: Make proposals for the last two points noted in ISSUE-43 comments (from pratik.datta@oracle.com on 2010-06-07)
- RE: ACTION-543: Make proposals for the last two points noted in ISSUE-43 comments (from pratik.datta@oracle.com on 2010-06-02)
- Draft minutes from 6/1/10 call (from cantor.2@osu.edu on 2010-06-01)
- RE: ACTION-543: Make proposals for the last two points noted in ISSUE-43 comments (from cantor.2@osu.edu on 2010-06-01)
- RE: ACTION-543: Make proposals for the last two points noted in ISSUE-43 comments (from pratik.datta@oracle.com on 2010-06-01)
- Agenda - Distributed Meeting 2010-06-01 (from Frederick.Hirsch@nokia.com on 2010-06-01)
- draft minutes 2010-05-25 (from tlr@w3.org on 2010-05-27)
- ACTION-543: Make proposals for the last two points noted in ISSUE-43 comments (from cantor.2@osu.edu on 2010-05-25)
- Updated minutes from 2010-03-09 (v2) (from frederick.hirsch@nokia.com on 2010-03-10)
- Minutes 2010-03-09 (from frederick.hirsch@nokia.com on 2010-03-09)
- Re: Agenda - Distributed Meeting 2010-03-09 (from tlr@w3.org on 2010-03-09)
- Agenda - Distributed Meeting 2010-03-09 (from frederick.hirsch@nokia.com on 2010-03-08)
- Agenda - Distributed Meeting 2010-03-02 v2 (from frederick.hirsch@nokia.com on 2010-03-01)
- Updated draft minutes from 23 February, for review and approval (from frederick.hirsch@nokia.com on 2010-03-01)
- Agenda - Distributed Meeting 2010-03-02 (from frederick.hirsch@nokia.com on 2010-02-25)
- Updated F2F Minutes for Review and Approval (from frederick.hirsch@nokia.com on 2009-11-19)
- Agenda: Distributed meeting 2008-12-02 v3 (from frederick.hirsch@nokia.com on 2008-12-02)
- Agenda: Distributed meeting 2008-12-02 v2 (from frederick.hirsch@nokia.com on 2008-12-01)
- Agenda: Distributed meeting 2008-12-02 (from frederick.hirsch@nokia.com on 2008-11-21)
- Agenda: Distributed meeting 2008-11-04 v2 (from frederick.hirsch@nokia.com on 2008-11-03)
- Agenda: Distributed meeting 2008-11-04 (from frederick.hirsch@nokia.com on 2008-10-31)
- Meeting record: 2008-07-29 (from tlr@w3.org on 2008-08-12)
- Draft minutes for Jul 29 meeting (from cantor.2@osu.edu on 2008-07-31)
Related notes:
XMLSig schema erroneously types the SerialNumber as a number and not a string. Large serial numbers,
such as OpenSSL generates, blow through the numeric limits of common parsers. (from Scott on another list)
follow up with review of Scott's notes and editorial actions
http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0049.html
The plan is for XML Signature 2.0 to remain schema-compatible with 1.x, which limits the ability to easily correct many of the issues raised.
The missing IDs have been addressed by creating a new alternative to RetrievalMethod (KeyInfoReference) that doesn't need to point to KeyInfo children.
The Key representation suggestions were largely adopted in 1.1.
The problem with mixed content models really can't be fixed at this point, but we could choose to include normative "SHOULD NOT" language around some of the elements.
Finally, the X509IssuerSerial problem is severe enough that we might choose to address it. We could do so by non-normatively suggesting that implementations relying on schema validation use a modified schema that re-types the serial number as a string, or we could define a new child element in place of the original. It seems like for most implementations the modified schema approach would be sufficient and cause the least trouble.
[fjh]: remaining action is for mixed content, also IssueSerial
7 Sep 2010, 14:58:33There's text in 2.0 that rules out mixed content, so that completes the last of these issues.
Scott Cantor, 23 Nov 2010, 01:38:56Display change log