XML-Signature Editors' Page [ ascii]
This page provides editors information relevant to the XML-Signature WG.
| Source | Isssue | Owner | Resolution |
| reagle | Keep namespace URIs consistent, rewrite so they are dereferenceable. | reagle | 20000114/ |
| ? | I have a question regarding the SignedInfo "Type" attribute: In the latest draft version (19991217) section 2.3 asserts the following: "The optional Type attribute provides information about the content of the resource identified by URI/IDREF. In particular, it can indicate that it contains a SignatureProperties, Manifest, or Package element." If the ressource is identified by an IDREF, I think there is no problem. But what happens if the resource is part of an XML document and is identified by means of an URI and a XPath Transform? Is this possible at all? If yes, what does the assignment of the "Type" attribute mean in that case? | eastlake | open: tweak text. |
| Boyer, Karlinger, Karlinger | Do we get rid of IDREF | reagle | FTF: no |
| ? | KeyInfo: Note: Maybe consider group's attribute maxOccurs to be '*' instead of '1' | solo | FTF: done |
| ? | Transform: Maybe consider to change the type of attribute 'Charset' to 'uri'. | Eastlake | 000302: should be IANA charset types |
| ? | >Section "3.3.3.1 The Transforms
Element":
>In this section there is no hint (neither in the textual
description nor in the >Schema definition) that the "Transform"
element could have mixed content. But >in section 5.6 the
specification defines some character content for the "Transform"
>element.
| reagle | 20000114/: changed to mixed. |
| Boyer | Transforms don't presently provide closure. | reagle | Done: statement of what was done. |
| reagle | Don't understand, " If this fact is important, then additional information (such as by including References to both the original and transformed documents) is needed. | eastlake | resolved through tweaking/
clarity |
| reagle | remove package | reagle | 20000114/ |
| ? | content of algorithm elements should be ANY (shouldn't be parameter *) add comment: done. | eastlake | done |
| connolly | Encoding or Decoding: Is the signature syntax a declaration of what the creator did to create the signature. | reagle | statement of what was done |
| connolly | CanonicalizationMethod is optional though we don't define a default. | presently no defaults, make consistent | |
| RE: Signature definitions | Fix signature definitions | reagle | 20000114/ |
| Mark_Champine | 2. The capitalization of RFC2119
keywords (RECOMMENDED etc.) is not
consistent. | reagle | 20000114/: added a section describing how we use these terms. |
| Mark_Champine | 5. "BASE64" is inconsistently
capitalized/hyphenated/spaced.
| reagle | done |
| Mark_Champine | Spell check
6. Typos:
| reagle | 20000114/ |
| Solo |
From: david.solo@citicorp.com
- 2.1, par 1 "While the data object(s) are not
directly .... over the data
- 2.3 third from last par "Transforms can include
arbitrary specifications such
- 3.6 (and throughout 3) I thought we'd decided
that algorithm parameters were
| reagle | done |
| reagle | Signing Signature: do you point at the SignedInfo ID (which is part of original signature) or at Signature ID (which is not) | reagle | FTF |
| reagle | Include DSS schema in schema def | reagle | ASAP |
| reagle | Make case of namespace IDs consistent (base64 or Base64, Manifest or manifest,e tc.) | reagle | ASAP |
| reagle | Do we specifcy c14n further, or we happy with XML c14n? | reagle | 000302: with the clarification on line ends, seems resolved. |
| reagle | Should Object be <!ELEMENT Object ( (#PCDATA), SignatureProperties) > | reagle | ASAP |
| Karlinger | Date: Wed, 12 Jan 2000 11:08:00 +0100
From: Gregor Karlinger <Gregor.Karlinger@iaik.at> To: "Joseph M. Reagle Jr." <reagle@w3.org> Subject: Draft 04-January-2000: Errors and typos I have found the following errors and typos in our latest draft: [many small typos corrected and ommitted from this listing.] #########################################
############################################
Section 3.4, DTD content model for Element
X509Data:
#################################
Section 4.1, DTD:
[Should go with original DTD] #####################################
########################################
| reagle | FTF, edits and tweaks |
| Karlinger | Inconsistent treatment of parameters. | reagle | Done |
| Karlinger | If minimal canonicalization or Canonical XML has been chosen it is clear what forms the input of the signature method, because both methods are using UTF-8 as character encoding. But what if no canonicalization is used? | reagle | 000302. |
| reagle | Does KeyInfo have a SubjectName element and a type attribute? | reagle | Done - no. |
| Solo | 1.3 General issue - the question was raised as to whether since the version is implied by the namespace, do we need to make sure the version is explicitly bound under the signature (it may be already, I'm not sure whether there's a way to include the reference to the schema/DTD within signed info). If not, we might need to thing about recommending inclusion of a reference to the signature schema in cases where this is a concern. | Solo | Done - removed comment, added cautionary discussion. |
| Solo | 1.3 last par (security comment) I don't like leaving a sentence like "we haven't assessed the risk" in for last call. I'd suggest an explicit recommendation that if null c14n is used for signedInfo, then all namespaces must be fully expanded. [P.S. there's no 1.4] | Reagle | Done. (see previous) |
| ? | Need to define HMAC output lengths and define element types. | Bartel | Done |
| Solo | Repeat! Remove "While the data object(s) are not directly operated on by a cryptographic signature algorithm, we still refer to the signature as being over the data object(s)." | Reagle | ASAP |
| Solo | Figure out proper author attribution for IETF RFC format. | ? | ASAP |
Last revised by Reagle $Date: 2000/12/07 15:19:39 $
=======