
Re: XML Security RNG Schemas and WG1 review

From: MURATA Makoto (FAMILY Given) <eb2m-mrt@asahi-net.or.jp>
Date: Tue, 02 Feb 2010 22:01:28 +0900
To: XMLSec WG Public List <public-xmlsec@w3.org>
Cc: Innovimax SARL <innovimax@gmail.com>, "adjb@adjb.net" <adjb@adjb.net>, Murata <eb2m-mrt@asahi-net.or.jp>
Message-Id: <20100202220123.F0D9.B794FC04@asahi-net.or.jp>
Frederick,

Sorry for my belated reply.

> I also think it would be helpful if you could please provide schemas  
> for XML Encryption 1.1 and Generic Hybrid Cipher before WG1 review as  
> well. Then we may have a complete document.

I am afraid that I cannot finish them this week.  So, is it ok to add
them in the second draft?

> It does not directly reference allowAny.rnc, allowAny11.rnc,  
> allowAnyForeign.rnc allowAnyForeign11.rnc, any-containing-xmldsign.rnc  
> or exclusiveC14N.rnc. I'm not sure if or how these should be mentioned  
> in the document, so that is something to consider adding for a  
> revision before WG1 review. For example, we might want a new section  
> for Exclusive Canonicalization.

Attached please find a revised version.  I tried to faithfully follow Scott's
advice.

There are three groups of schemas.

The first group contains core schemas, namely

xmldsig-core-schema.rnc,
xmldsig11-schema.rnc,
xmldsig-properties-schema.rnc, and
exclusiveC14N.rnc.

These schemas are expected to be referenced from driver schemas.  They
do not allow algorithms that are not explicitly mentioned in the
recommendations.  They do now allow any elements where xsd:any
appears.

The second group contains schemas for mimicking xsd:any.  They 
are:

allowAnyForeign.rnc, and 
allowAnyForeign11.rnc.

These schemas may be referenced from driver schemas although some
authors might want to create schemas dedicated to a collection of
non-standard algorithms.

The third group contains driver schemas, which invoke schemas in the
first and second groups.  The driver schemas are:

any-containing-xmldsig.rnc
any-containing-xmldsig11-properties-excusiveC14N.rnc
any-containing-xmldsig11-properties.rnc
any-containing-xmldsig11.rnc

These driver schemas further specify which namespace is 
considered foreign by defining "anyForeignElement".

<xsd:any namespace="##any" .../> is mimicked by the 
union of ds_anyDsElement and anyForeignElement, where

  ds_anyDsElement =
    ds_Signature | ds_SignatureValue | ds_SignedInfo
    | ds_CanonicalizationMethod | ds_SignatureMethod | ds_Reference
    | ds_Transforms | ds_Transform | ds_DigestMethod | ds_DigestValue
    | ds_KeyInfo | ds_KeyName | ds_MgmtData | ds_KeyValue
    | ds_RetrievalMethod | ds_X509Data | ds_PGPData | ds_SPKIData
    | ds_Object | ds_Manifest | ds_SignatureProperties
    | ds_SignatureProperty | ds_DSAKeyValue | ds_RSAKeyValue

I successfully validated the test documents against the driver schemas.

Hope this helps.

Cheers,
Makoto
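A sketch of how a driver schema of the third group can pin down what "foreign" means, written as an added illustration (not one of the attached files): it assumes that xmldsig-core-schema.rnc defines ds_anyDsElement as listed above, and that the core schema refers to the patterns anyForeignElement and anyElement without defining them, leaving that to the driver.

```rnc
# Hypothetical driver schema (added example, not part of the attached set).
# It assumes xmldsig-core-schema.rnc defines ds_anyDsElement and ds_Signature
# and leaves anyForeignElement / anyElement to the including grammar.
namespace ds = "http://www.w3.org/2000/09/xmldsig#"

include "xmldsig-core-schema.rnc"

# Every element outside the ds namespace is treated as foreign.  Foreign
# elements may carry arbitrary attributes, text and nested foreign elements.
anyForeignElement =
  element * - ds:* {
    (attribute * { text } | text | anyForeignElement)*
  }

# Where the XSD schema has <xsd:any namespace="##any" .../>, the RNG uses
# the union of the known ds elements and the foreign elements.
anyElement = ds_anyDsElement | anyForeignElement

start = ds_Signature
```

A stricter driver that keeps the first-group behaviour (no foreign content at all where xsd:any appears) replaces the foreign definition with `anyForeignElement = notAllowed`, so only the elements the recommendation names are accepted.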


Received on Tuesday, 2 February 2010 13:02:04 GMT
