
RE: XML Schema validation after adding a signature

From: Scott Cantor <cantor.2@osu.edu>
Date: Mon, 21 Jul 2008 17:08:51 -0400
To: "'Frederick Hirsch'" <frederick.hirsch@nokia.com>, <public-xmlsec@w3.org>
Message-ID: <02c001c8eb75$fa2bbad0$ee833070$@2@osu.edu>

> Advances in XML Schema 1.1 may make it possible to generically enable
> XML documents to be XML Schema validated, even after the addition of
> an XML Signature, and even without pre-defining a slot in the
> document schema specifically for XML Signature. This could enable
> additional XML Signature adoption by removing an issue related to XML
> validation after signing.
> 
> This might be done using ubiquitous wildcarding [1].

I only scanned it quickly, but I didn't see anything all that new in that
section that suggested any material impact on the ability to validate a
signature without having allowed for it. If your schema happens to have
wildcards, then sure, you can use a Signature in such a spot.

But in practice, I think documents that didn't "plan" to be signed tend to
be signed using enveloping signatures rather than trying to artificially
embed one inside the document.

Given the general sentiment against runtime validation of documents in many
applications, the more complex problem isn't maintaining schema validity
after signing, but rather accomplishing signature verification *without*
validation (i.e. the ID attribute problem, default attributes, etc).

-- Scott
Received on Monday, 21 July 2008 21:22:00 GMT
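
The ID attribute problem named in the message above, as an added example that is not part of the original post: a parser that reads no DTD or schema has no attribute typed as ID, so a same-document Reference such as URI="#payload" cannot be dereferenced by type, and falling back to matching by attribute name can be ambiguous. The sample document, its element names and the ID_NAMES list are constructed assumptions.

```python
from xml.dom import minidom

# Constructed sample: a signed-style document with no DTD or schema attached.
DOC = """<Order>
  <Item Id="payload">widget</Item>
  <Note Id="payload">same Id value; nothing flags this without validation</Note>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo><Reference URI="#payload"/></SignedInfo>
  </Signature>
</Order>"""

ID_NAMES = ("Id", "ID", "id")  # assumption: names an application might guess are IDs


def load():
    """Parse the sample without any validation."""
    return minidom.parseString(DOC)


def resolve_typed(doc, uri):
    """Dereference '#frag' using only attributes the parser knows are type ID."""
    return doc.getElementById(uri[1:])


def resolve_by_name(doc, uri):
    """Fallback: match by attribute name, refusing anything but exactly one hit."""
    frag = uri[1:]
    hits = [el for el in doc.getElementsByTagName("*")
            if any(el.getAttribute(n) == frag for n in ID_NAMES)]
    if len(hits) != 1:
        raise ValueError(f"{len(hits)} elements match {uri!r}")
    return hits[0]


def declare_ids(doc, tag, attr):
    """Supply by hand the typing that validation would have provided."""
    for el in doc.getElementsByTagName(tag):
        if el.hasAttribute(attr):
            el.setIdAttribute(attr)


if __name__ == "__main__":
    doc = load()
    print("typed lookup, no validation:", resolve_typed(doc, "#payload"))
    declare_ids(doc, "Item", "Id")
    print("typed lookup, IDs declared:", resolve_typed(doc, "#payload").tagName)
```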
