Re: Response to enquiries regarding RELAX-NG schema for XML Signature

From: MURATA Makoto (FAMILY Given) <eb2m-mrt@asahi-net.or.jp>
Date: Wed, 23 Sep 2009 09:02:19 +0900
To: "Scott Cantor" <cantor.2@osu.edu>
Cc: "'XMLSec WG Public List'" <public-xmlsec@w3.org>, Murata <eb2m-mrt@asahi-net.or.jp>
Message-Id: <20090923090218.8B62.B794FC04@asahi-net.or.jp>

Scott,

Thank you for your reply.  I appreciate it very much.

I agree that the RELAX NG schema has to exactly capture what is allowed
in the current XML Signature spec.  However, since sometimes the XSD
schema and prose in the spec are slightly different, I do not always
understand the intention.

Specifically, I have questions as below:

When @Algorithm in a Transform element has the value
"http://www.w3.org/2000/09/xmldsig#base64", can this element have a
child element?  6.2.2 says: "The base64 Transform element has no
content", which appears to disallow foreign elements as well 
as textual content.

Can the first child of a SPKIData be a foreign element?  One
sentence in 4.4.6, namely "SPKISexp can be complemented/extended by
siblings from an external namespace within SPKIData", appears 
to allow such a foreign eldest child, but the schema does not.

When @Algorithm of a DigestMethod element has the value
"http://www.w3.org/2000/09/xmldsig#sha1", can this element have a
child element?  6.2.1 says: "The SHA-1 algorithm [SHA-1] takes no
explicit parameters.", but it is not clear whether or not 
foreign elements are allowed.

When @Algorithm of a SignatureMethod element has the value 
"http://www.w3.org/2000/09/xmldsig#dsa-sha1", can this element have 
elements other than a single HMACOutputLength element?

Cheers,
Makoto
Received on Wednesday, 23 September 2009 00:03:12 GMT
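
The four cases asked about in the message above can be surfaced in a given document with a small checker. This is an added example, not part of the original message or of the XML Signature specification; it only reports the content it finds and does not decide whether the spec allows it. The sample document, the `urn:example:ext` namespace and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
# Element name -> Algorithm value, for the three Algorithm cases in the message.
CASES = {
    "Transform": DSIG + "base64",
    "DigestMethod": DSIG + "sha1",
    "SignatureMethod": DSIG + "dsa-sha1",
}

# Constructed sample (well-formed, not a valid signature).
SAMPLE = f"""<Signature xmlns="{DSIG}" xmlns:x="urn:example:ext">
  <SignedInfo>
    <SignatureMethod Algorithm="{DSIG}dsa-sha1"><x:Param/></SignatureMethod>
    <Reference>
      <Transforms><Transform Algorithm="{DSIG}base64"><x:Extra/></Transform></Transforms>
      <DigestMethod Algorithm="{DSIG}sha1"/>
    </Reference>
  </SignedInfo>
  <KeyInfo><SPKIData><x:Note/><SPKISexp>AA==</SPKISexp></SPKIData></KeyInfo>
</Signature>"""

def split(tag):
    """Split an ElementTree '{ns}local' tag into (ns, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag

def report(xml_text):
    """Return (element, kind, detail) tuples for the cases in question."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        ns, local = split(el.tag)
        if ns != DSIG:
            continue
        children = list(el)
        if local in CASES and el.get("Algorithm") == CASES[local]:
            for child in children:
                c_ns, c_local = split(child.tag)
                kind = "dsig-child" if c_ns == DSIG else "foreign-child"
                findings.append((local, kind, c_local))
            text = (el.text or "") + "".join(c.tail or "" for c in children)
            if text.strip():
                findings.append((local, "text", text.strip()))
        elif local == "SPKIData" and children and split(children[0].tag)[0] != DSIG:
            findings.append((local, "foreign-first-child", split(children[0].tag)[1]))
    return findings

if __name__ == "__main__":
    for finding in report(SAMPLE):
        print(finding)
```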