Re: XML Security RNG Schemas and WG1 review

From: MURATA Makoto (FAMILY Given) <eb2m-mrt@asahi-net.or.jp>
Date: Tue, 02 Feb 2010 22:01:28 +0900
To: XMLSec WG Public List <public-xmlsec@w3.org>
Cc: Innovimax SARL <innovimax@gmail.com>, "adjb@adjb.net" <adjb@adjb.net>, Murata <eb2m-mrt@asahi-net.or.jp>
Message-Id: <20100202220123.F0D9.B794FC04@asahi-net.or.jp>

Sorry for my belated reply.

> I also think it would be helpful if you could please provide schemas  
> for XML Encryption 1.1 and Generic Hybrid Cipher before WG1 review as  
> well. Then we may have a complete document.

I am afraid that I cannot finish them this week.  So, is it ok to add
them in the second draft?

> It does not directly reference allowAny.rnc, allowAny11.rnc,  
> allowAnyForeign.rnc allowAnyForeign11.rnc, any-containing-xmldsign.rnc  
> or exclusiveC14N.rnc. I'm not sure if or how these should be mentioned  
> in the document, so that is something to consider adding for a  
> revision before WG1 review. For example, we might want a new section  
> for Exclusive Canonicalization.

Attached please find a revised version.  I tried to faithfully follow Scott's

There are three groups of schemas.

The first group contains core schemas, namely

xmldsig-properties-schema.rnc, and

These schemas are expected to be referenced from driver schemas.  They
do not allow algorithms that are not explicitly mentioned in the
recommendations.  They do now allow any elements where xsd:any

The second group contains schemas for mimicking xsd:any.  They 

allowAnyForeign.rnc, and 

These schemas may be referenced from driver schemas although some
authors might want to create schemas dedicated to a collection of
non-standard algorithms.

The third group contains driver schemas, which invoke schemas in the
first and second groups.  The driver schemas are:


These driver schemas further specify which namespace is 
considered foreign by defining "anyForeignElement".

<xsd:any namespace="##any" .../> is mimicked by the 
union of ds_anyDsElement and anyForeignElement, where

  ds_anyDsElement =
    ds_Signature | ds_SignatureValue | ds_SignedInfo
    | ds_CanonicalizationMethod | ds_SignatureMethod | ds_Reference
    | ds_Transforms | ds_Transform | ds_DigestMethod | ds_DigestValue
    | ds_KeyInfo | ds_KeyName | ds_MgmtData | ds_KeyValue
    | ds_RetrievalMethod | ds_X509Data | ds_PGPData | ds_SPKIData
    | ds_Object | ds_Manifest | ds_SignatureProperties
    | ds_SignatureProperty | ds_DSAKeyValue | ds_RSAKeyValue

I successfully validated the test documents against the driver schemas.

Hope this helps.


Received on Tuesday, 2 February 2010 13:02:04 UTC
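
The union described in the message, sketched as an added Python example that is not part of the original message or of the working group's schemas. It assumes `anyForeignElement` means any element outside the XML Signature namespace (the drivers' actual definition is not shown here); the function names are hypothetical and the sample document is constructed.

```python
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Local names taken from the ds_anyDsElement pattern quoted in the message.
DS_ELEMENTS = {
    "Signature", "SignatureValue", "SignedInfo", "CanonicalizationMethod",
    "SignatureMethod", "Reference", "Transforms", "Transform", "DigestMethod",
    "DigestValue", "KeyInfo", "KeyName", "MgmtData", "KeyValue",
    "RetrievalMethod", "X509Data", "PGPData", "SPKIData", "Object",
    "Manifest", "SignatureProperties", "SignatureProperty", "DSAKeyValue",
    "RSAKeyValue",
}

def split_qname(tag):
    """Split ElementTree's '{ns}local' tag into (namespace, local name)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag

def classify(elem, foreign_excludes=frozenset({DS_NS})):
    """Say which branch of the union an element falls under, if any.

    Assumption: a driver treats every namespace not listed in
    foreign_excludes (including no namespace) as foreign.
    """
    ns, local = split_qname(elem.tag)
    if ns == DS_NS and local in DS_ELEMENTS:
        return "ds_anyDsElement"
    if ns not in foreign_excludes:
        return "anyForeignElement"
    return "rejected"  # ds namespace, but not a name the pattern lists

def classify_children(xml_text):
    """Classify each child of the root, e.g. the content of a ds:Object."""
    root = ET.fromstring(xml_text)
    return [(split_qname(c.tag)[1], classify(c)) for c in root]

# Constructed sample: the children sit at a wildcard position.
SAMPLE = f"""
<ds:Object xmlns:ds="{DS_NS}" xmlns:ex="urn:example:foreign">
  <ds:Manifest/>
  <ex:Timestamp>2010-02-02T13:02:04Z</ex:Timestamp>
  <ds:Unknown/>
  <NoNamespace/>
</ds:Object>
"""

if __name__ == "__main__":
    for name, verdict in classify_children(SAMPLE):
        print(f"{name:12} {verdict}")
```

Under this assumption, an element in the signature namespace whose name is not in the list matches neither branch, so a validator using the union rejects it instead of passing it through unchecked.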