Re: XML Security RNG Schemas and WG1 review

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Tue, 2 Feb 2010 08:06:13 -0500
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, XMLSec WG Public List <public-xmlsec@w3.org>, Innovimax SARL <innovimax@gmail.com>, "adjb@adjb.net" <adjb@adjb.net>
Message-Id: <719BF700-2E72-4875-8AC1-07A404F40A34@nokia.com>
To: "ext MURATA Makoto (FAMILY Given)" <eb2m-mrt@asahi-net.or.jp>

Makoto

My apologies, I didn't mean that these changes need to be in the draft  
published this week, but subsequently, as you have time. My intent was  
to make sure we have the encryption material in place before we ask  
for WG1 review, if you think that makes sense.

I don't think this latest set of changes will make it into the  
publication this week, since that is already in progress, but I expect  
we will update the editors draft and plan to publish an update once we  
have the encryption material in place.

regards, Frederick

Frederick Hirsch
Nokia



On Feb 2, 2010, at 8:01 AM, ext MURATA Makoto (FAMILY Given) wrote:

> Frederick,
>
> Sorry for my belated reply.
>
>> I also think it would be helpful if you could please provide schemas
>> for XML Encryption 1.1 and Generic Hybrid Cipher before WG1 review as
>> well. Then we may have a complete document.
>
> I am afraid that I cannot finish them this week.  So, is it ok to add
> them in the second draft?
>
>> It does not directly reference allowAny.rnc, allowAny11.rnc,
>> allowAnyForeign.rnc, allowAnyForeign11.rnc, any-containing-xmldsign.rnc
>> or exclusiveC14N.rnc. I'm not sure if or how these should be mentioned
>> in the document, so that is something to consider adding for a
>> revision before WG1 review. For example, we might want a new section
>> for Exclusive Canonicalization.
>
> Attached please find a revised version.  I tried to faithfully follow
> Scott's advice.
>
> There are three groups of schemas.
>
> The first group contains core schemas, namely
>
> xmldsig-core-schema.rnc,
> xmldsig11-schema.rnc,
> xmldsig-properties-schema.rnc, and
> exclusiveC14N.rnc.
>
> These schemas are expected to be referenced from driver schemas.  They
> do not allow algorithms that are not explicitly mentioned in the
> recommendations.  They do now allow any elements where xsd:any
> appears.
>
> The second group contains schemas for mimicking xsd:any.  They
> are:
>
> allowAnyForeign.rnc, and
> allowAnyForeign11.rnc.
>
> These schemas may be referenced from driver schemas although some
> authors might want to create schemas dedicated to a collection of
> non-standard algorithms.
>
> The third group contains driver schemas, which invoke schemas in the
> first and second groups.  The driver schemas are:
>
> any-containing-xmldsig.rnc
> any-containing-xmldsig11-properties-excusiveC14N.rnc
> any-containing-xmldsig11-properties.rnc
> any-containing-xmldsig11.rnc
>
> These driver schemas further specify which namespace is
> considered foreign by defining "anyForeignElement".
>
> <xsd:any namespace="##any" .../> is mimicked by the
> union of ds_anyDsElement and anyForeignElement, where
>
>  ds_anyDsElement =
>    ds_Signature | ds_SignatureValue | ds_SignedInfo
>    | ds_CanonicalizationMethod | ds_SignatureMethod | ds_Reference
>    | ds_Transforms | ds_Transform | ds_DigestMethod | ds_DigestValue
>    | ds_KeyInfo | ds_KeyName | ds_MgmtData | ds_KeyValue
>    | ds_RetrievalMethod | ds_X509Data | ds_PGPData | ds_SPKIData
>    | ds_Object | ds_Manifest | ds_SignatureProperties
>    | ds_SignatureProperty | ds_DSAKeyValue | ds_RSAKeyValue
>
> I successfully validated the test documents against the driver schemas.
> group
>
> Hope this helps.
>
> Cheers,
> Makoto
> <dsig.zip>
Received on Tuesday, 2 February 2010 13:07:38 GMT
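
An added example, not taken from the attached dsig.zip or from the working group's schemas: a cut-down, self-contained RELAX NG compact schema showing how the union of ds_anyDsElement and anyForeignElement described in the quoted message stands in for xsd:any. The two-member ds_anyDsElement, the reduced content models of ds_Object and ds_KeyName, and the body of anyForeignElement are assumptions made for illustration.

```rnc
# Constructed, cut-down illustration; not the schemas attached to the message.
namespace ds = "http://www.w3.org/2000/09/xmldsig#"

start = ds_Object

# A wildcard position (xsd:any in the XSD): known ds elements or foreign ones.
ds_Object =
  element ds:Object {
    mixed { (ds_anyDsElement | anyForeignElement)* }
  }

ds_KeyName = element ds:KeyName { xsd:string }

# Core-schema side: every element declared in the ds namespace
# (reduced here to two; the message lists the full choice).
ds_anyDsElement = ds_Object | ds_KeyName

# Driver side: what counts as foreign. Excluding ds:* means an element in
# the ds namespace can only match through ds_anyDsElement, so it is always
# checked against its own declaration, and an undeclared ds:* name is invalid.
anyForeignElement =
  element * - ds:* {
    mixed { (attribute * { text } | ds_anyDsElement | anyForeignElement)* }
  }
```

Against this schema, a ds:Object holding a ds:KeyName and an element from another namespace validates, while a ds:Object holding an undeclared element in the ds namespace does not, because neither branch of the union can match it.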