RE: Response to enquiries regarding RELAX-NG schema for XML Signature from Scott Cantor on 2009-09-23 (public-xmlsec@w3.org from September 2009)

From: Scott Cantor <cantor.2@osu.edu>
Date: Tue, 22 Sep 2009 21:13:32 -0400
To: "'MURATA Makoto $FAMILY Given$'" <eb2m-mrt@asahi-net.or.jp>
Cc: "'XMLSec WG Public List'" <public-xmlsec@w3.org>
Message-ID: <03b701ca3beb$118c6f50$34a54df0$@2@osu.edu>

MURATA Makoto (FAMILY Given) wrote on 2009-09-22:
> I agree that the RELAX NG schema has to exactly capture what is allowed
> in the current XML Signature spec.  However, since sometimes the XSD
> schema and prose in the spec are slightly different, I do not always
> understand the intention.

The prose is normative in the sense that there are usually constraints there
that can't be expressed in XSD, so the rules tend to be a combination of the
two. My point was just that some of the issues you identified (e.g. the
mixed="true" problem) are probably bugs but that we're too late to fix, so
the RELAX version would have to replicate some of those mistakes rather than
fix them.

> Specifically, I have questions as below:
> 
> When @Algorithm in a Transform element has the value
> "http://www.w3.org/2000/09/xmldsig#base64", can this element have a
> child element?  6.2.2 says: "The base64 Transform element has no
> content", which appears to disallow foreign elements as well
> as textual content.

You may not be aware that XSD can't express content models based on the
value of an attribute or element. So wildcard content models in XSD that are
"profiled" by particular extension points are usually open in the schema,
but constrained in prose.

So the answer is, no, it can't have a child element, but the XSD can't
reflect that.

> Can the first child of a SPKIData foreign element?  One
> sentence in 4.4.6, namely "SPKISexp can be complemented/extended by
> siblings from an external namespace within SPKIData", appears
> to allow such a foreign eldest child, but the schema does not.

It's the second child element that's the extension, rather than the first.
That's what it means by "siblings". It doesn't read too badly to me.

> When @Altorithm of a DigestMethod element has the value
> "http://www.w3.org/2000/09/xmldsig#sha1", can this element have a
> child element?  6.2.1 says: "The SHA-1 algorithm [SHA-1] takes no
> explicit parameters.", but it is not clear whether or not
> foreign elements are allowed.

Same as in the transform case, above.

> When @Algorithm of a SignatureMethod element has the value
> "http://www.w3.org/2000/09/xmldsig#dsa-sha1", can this element have
> elements other than a single HMACOutputLength element?

Same again. The content models are generic even if the prose isn't. It's an
open question whether RELAX, if capable of expressing more accurate models,
should do so. I don't know what typical practice is for these cases.

-- Scott

Received on Wednesday, 23 September 2009 01:14:16 UTC