Subject: TRP comments by Shimanura-san that MAY apply to TP
Someone please check to see if the appended set of TRP comments apply to the TP spec. Please indicate that you are looking into it and when you will provide an answer. If any changes are needed, it would be best if we put them in before submitting the spec for the next round of QR and Public Review.

NOTE: Any changes due to these comments have to be reflected in some or all of the XSD, DTD, and CPP and CPA samples unless they are in areas of the XMLDSIG definition that we haven't included in detail.

(Chris?) Should the messageOrderSemantics attribute be added to the ReliableMessaging element or is it intended to be specified on a message by message basis?

(Chris, Dale, or Tony?) Shimamura-san is requesting some changes to the digital signature elements in the message service specification to update it to the current level of XMLDSIG. Are his proposals correct? Do any of these changes apply to the TP spec, given the level of detail in our current signature elements? Please check both under ds:Signature and under ProcessSpecification (ds:Reference).

At a glance, I see:

Comment to line 1735 of TRP spec is a possible problem for us regarding the ds: prefix and namespace definition. Should we delete the ds: prefix anywhere? everywhere? I believe that the comment applies only to the namespace definition since the TRP spec has the ds:prefix everywhere else.

Comment to line 1692 apparently applies to us (algorithm attribute value under SignatureMethod)

Comment to line 1699 apparently applies to us (correction to value of Type attribute)

Comment to line 1737 apparently applies to us. Under ds:Signature, we do not spell out the full URL of the canonicalization method (algorithm attribute).

Comment to line 1737: Under ProcessSpecification, the algorithm we show in the XML example agrees with the one in the comment below except that we name the attribute ds:Algorithm while the comment below shows it as Algorithm (this probably relates to the comment to line 1735 above).
Also, under ProcessSpecification, we do not spell out the algorithm at all in the text but just refer to [XMLC14N]. Since the algorithm is shown in the sample, we probably should add a brief sentence or paragraph on it.

*************************************************************************************
Martin W. Sachs
IBM T. J. Watson Research Center
P. O. B. 704
Yorktown Hts, NY 10598
914-784-7287; IBM tie line 863-7287
Notes address: Martin W Sachs/Watson/IBM
Internet address: mwsachs @ us.ibm.com
*************************************************************************************

---------------------- Forwarded by Martin W Sachs/Watson/IBM on 04/11/2001 09:26 AM ---------------------------

SHIMAMURA Masayoshi <shima.masa@jp.fujitsu.com> on 04/11/2001 03:44:18 AM

To: ian.c.jones@bt.com
cc: ebxml-transport@lists.ebxml.org
Subject: Re: Outstanding Issues/Comments list

Mr. Ian Jones,

Thank you for creating the issue list. However it lacks an issue about messageOrderSemantics I pointed out. And also I have obtained XML Signature related issues from security experts. Can I ask you to add attached comments to the list?

----------------------------------
Comments on Message Service v0.98b
----------------------------------

Minor Technical

Line 549-551 says:

    If messageOrderSemantics is set to Guaranteed, the To Party MSH MAY correct invalid order of messages using the value of SequenceNumber in the conversation specified by the ConversationId.

Comments: We decided that "When OnceAndOnlyOnce is specified and messageOrderSemantics is set to "Guaranteed", SequenceNumber MUST be present. In this case, receiving MSH MUST guarantee message order." The line 549-551 does not follow our decision.

Suggestions: Change the word "MAY" in line 549 to "MUST".

Reference: see discussion < http://lists.ebxml.org/archives/ebxml-transport/200103/msg00146.html>.

Minor Technical

Line 569-570 says:

    The SequenceNumber element MUST appear only when deliverySemantics is OnceAndOnlyOnce.
    ...

Comments: This description is still not clear.

Suggestions: Change the description into following to follow our decision exactly.

    When deliverySemantics is OnceAndOnlyOnce and messageOrderSemantics is Guarantee, the SequenceNumber element MUST appear. When deliverySemantics is OnceAndOnlyOnce and messageOrderSemantics is NotGuarantee, The SequenceNumber element MAY appear. In any other case, this element MUST NOT appear.

Reference: see discussion < http://lists.ebxml.org/archives/ebxml-transport/200103/msg00104.html>.

Minor Technical

Line 1735 says:

    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmlds#">

Comments: Use of prefix does not follow the W3C XML Signature's DTD.

Suggestions: Remove the prefix "ds" in description on page 52-53, and define name space as following in line 1735:

    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">

Minor Technical

Line 1692-1694 says:

    The ds:SignatureMethod element SHALL be present and SHALL have an Algorithm attribute. The RECOMMENDED value for the Algorithm attribute is: http://www.w3.org/2000/02/xmldsig#sha1

Comments: The specified URI <http://www.w3.org/2000/02/xmldsig#sha1> is older algorithm. The W3C XML Signature spec uses following Algorithm:

    <http://www.w3.org/2000/09/xmldsig#dsa-sha1>
    <http://www.w3.org/2000/09/xmldsig#rsa-sha1>

(By the way, the sample on page 54 uses <http://www.w3.org/2000/09/xmldsig#dsa-sha1>).

Suggestions: Change <http://www.w3.org/2000/02/xmldsig#sha1> in line 1694 into <http://www.w3.org/2000/09/xmldsig#dsa-sha1>.

Minor Technical

Line 1699-1701 says:

    ... The ds:Reference element for the ebXML Header document MAY include a Type attribute that has a value "http://www.w3.org/2000/02/xmldsig#Object" in accordance with [XMLDSIG]. ...

Comments: The specified URI <http://www.w3.org/2000/02/xmldsig#Object> is older definition.
Latest definition is:

    <http://www.w3.org/2000/09/xmldsig#Object>

Suggestions: Change <http://www.w3.org/2000/02/xmldsig#Object> in line 1701 into <http://www.w3.org/2000/09/xmldsig#Object>.

Minor Technical

Line 1737 says:

    <ds:CanonicalizationMethod Algorithm=" http://www.w3.org/TR/2000/WD-xml-c14n-20001011"/>

Comments: The specified URI is older algorithm. Latest algorithm is:

    <http://www.w3.org/TR/2000/CR-xml-c14n-20001026>

Suggestions: Change <http://www.w3.org/TR/2000/WD-xml-c14n-20001011> in line 1737 into <http://www.w3.org/TR/2000/CR-xml-c14n-20001026>.

----------------------------------

Regards,

--
SHIMAMURA Masayoshi <shima.masa@jp.fujitsu.com>
TEL:+81-45-476-4590(ext.7128-4241)
FAX:+81-45-476-4726(ext.7128-6783)
Planning Dep., Strategic Planning Div., Software Group, FUJITSU LIMITED

------------------------------------------------------------------
To unsubscribe from this elist send a message with the single word "unsubscribe" in the body to: ebxml-transport-request@lists.ebxml.org
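
Added example (not part of either message above and not code from the ebXML specifications): a Python check that walks a signature fragment and flags the outdated XMLDSIG identifiers named in the comments, reporting the value each comment proposes. The sample document, the function names, and the handling of whitespace and of a prefixed ds:Algorithm attribute are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
# Outdated identifier -> replacement proposed in the comments above.
# (The comments list dsa-sha1 and rsa-sha1; the suggestion picks dsa-sha1.)
OUTDATED = {
    "http://www.w3.org/2000/02/xmldsig#sha1": DSIG_NS + "dsa-sha1",
    "http://www.w3.org/2000/02/xmldsig#Object": DSIG_NS + "Object",
    "http://www.w3.org/TR/2000/WD-xml-c14n-20001011":
        "http://www.w3.org/TR/2000/CR-xml-c14n-20001026",
}

# Constructed sample, not taken from the spec; note the stray leading space.
SAMPLE = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:SignedInfo>
  <ds:CanonicalizationMethod
      Algorithm=" http://www.w3.org/TR/2000/WD-xml-c14n-20001011"/>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/02/xmldsig#sha1"/>
  <ds:Reference URI="" Type="http://www.w3.org/2000/09/xmldsig#Object"/>
 </ds:SignedInfo>
</ds:Signature>"""

def split_name(qname):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if qname.startswith("{"):
        ns, local = qname[1:].split("}", 1)
        return ns, local
    return "", qname

def lint_signature(xml_text):
    """Return (element, attribute, found, suggested) for each problem."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        ns, name = split_name(el.tag)
        if name == "Signature" and ns != DSIG_NS:
            findings.append((name, "xmlns", ns, DSIG_NS))
        for key, raw in el.attrib.items():
            attr = split_name(key)[1]   # also matches a prefixed ds:Algorithm
            if attr not in ("Algorithm", "Type"):
                continue
            value = raw.strip()
            if value in OUTDATED:
                findings.append((name, attr, value, OUTDATED[value]))
            elif value != raw:          # current URI, but padded with whitespace
                findings.append((name, attr, raw, value))
    return findings

if __name__ == "__main__":
    for finding in lint_signature(SAMPLE):
        print("%s/@%s: %r -> %r" % finding)
```

Run against the CPP and CPA samples as well as the spec text, a check of this kind catches places where an identifier was updated in one and left stale in the other.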