From: Scott Cantor <cantor.2@osu.edu>
Date: Tue, 22 Jul 2008 12:13:20 -0400
To: <public-xmlsec@w3.org>
Message-ID: <031701c8ec15$db7845e0$9268d1a0$@2@osu.edu>

(The tracker form didn't work for me, so I'm using email.)

Enabling signature verification without schema validation

We should study and provide solutions and/or guidelines for people that need
to sign and verify documents without relying on schema validation. This
includes addressing "ID" attributes (not everything uses or will use
xml:id), default attributes, the effects of schema normalization, and so

Pretty well-known...people don't use schema validation in many runtime
scenarios, which makes ID attributes an application-specific issue, creating
layering violations. Other things like default attributes and schema
normalization cause verification failures if the sender and the receiver
differ in whether they validate and how.

Various suggestions about some of these issues came up during the workshop,
including ideas like supplying a kind of "mini-DTD" within the Signature
that could inform the signature processor of ID attributes, defaults, and
the like. Some kind of general "processing instruction" approach might make
sense to accommodate an extensible set of issues.

-- Scott
Received on Tuesday, 22 July 2008 16:13:57 UTC
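
The ID-attribute problem described in the message, as an added example that is not part of the original post or of any W3C specification: Python's `xml.dom.minidom` parses a constructed, schema-less document, and the same-document `Reference` stays unresolved until the application types the attribute as an ID. The `ID_HINTS` table is a hypothetical stand-in for the kind of information a "mini-DTD" could carry; the element names, the `urn:example:doc` namespace and the function names are assumptions.

```python
from xml.dom import minidom

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: no DTD, no schema, and the ID attribute is not xml:id.
SAMPLE = (
    '<Envelope xmlns="urn:example:doc">'
    '<Assertion ID="a1"><Subject>alice</Subject></Assertion>'
    f'<Signature xmlns="{DSIG_NS}"><SignedInfo>'
    '<Reference URI="#a1"/></SignedInfo></Signature>'
    '</Envelope>'
)

# Hypothetical hint table: (element namespace, local name) -> ID attribute name.
ID_HINTS = {("urn:example:doc", "Assertion"): "ID"}


def declare_ids(doc, hints):
    """Type the hinted attributes as ID; reject documents that reuse a value."""
    seen = {}
    for el in doc.getElementsByTagName("*"):
        attr = hints.get((el.namespaceURI, el.localName))
        if attr is None or not el.hasAttribute(attr):
            continue
        value = el.getAttribute(attr)
        if value in seen:
            raise ValueError(f"ID value {value!r} appears more than once")
        el.setIdAttribute(attr)
        seen[value] = el
    return seen


def resolve_references(doc):
    """Map each same-document ds:Reference URI to its target (None if unresolved)."""
    targets = {}
    for ref in doc.getElementsByTagNameNS(DSIG_NS, "Reference"):
        uri = ref.getAttribute("URI")
        if uri.startswith("#"):
            targets[uri] = doc.getElementById(uri[1:])
    return targets


if __name__ == "__main__":
    doc = minidom.parseString(SAMPLE)
    print("without hints:", resolve_references(doc))
    declare_ids(doc, ID_HINTS)
    print("with hints:   ", resolve_references(doc))
```

A verifier should treat an unresolved or ambiguous reference as a verification failure rather than falling back to a name-based search for the attribute.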