- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Tue, 2 Feb 2010 08:06:13 -0500
- To: "ext MURATA Makoto (FAMILY Given)" <eb2m-mrt@asahi-net.or.jp>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, XMLSec WG Public List <public-xmlsec@w3.org>, Innovimax SARL <innovimax@gmail.com>, "adjb@adjb.net" <adjb@adjb.net>
Makoto My apologies, I didn't mean that these changes need to be in the draft published this week, but subsequently, as you have time. My intent was to make sure we have the encryption material in place before we ask for WG1 review, if you think that makes sense. I don't think this latest set of changes will make it into the publication this week, since that is already in progress, but I expect we will update the editors draft and plan to publish an update once we have the encryption material in place. regards, Frederick Frederick Hirsch Nokia On Feb 2, 2010, at 8:01 AM, ext MURATA Makoto (FAMILY Given) wrote: > Frederick, > > Sorry for my belated reply. > >> I also think it would be helpful if you could please provide schemas >> for XML Encryption 1.1 and Generic Hybrid Cipher before WG1 review as >> well. Then we may have a complete document. > > I am afraid that I cannot finish them this week. So, is it ok to add > them in the second draft? > >> It does not directly reference allowAny.rnc, allowAny11.rnc, >> allowAnyForeign.rnc allowAnyForeign11.rnc, any-containing- >> xmldsign.rnc >> or exclusiveC14N.rnc. I'm not sure if or how these should be >> mentioned >> in the document, so that is something to consider adding for a >> revision before WG1 review. For example, we might want a new section >> for Exclusive Canonicalization. > > Attached please find a revised version. I tried to faithfully > follow Scott's > advice. > > There are three groups of schemas. > > The first group contains core schemas, namely > > xmldsig-core-schema.rnc, > xmldsig11-schema.rnc, > xmldsig-properties-schema.rnc, and > exclusiveC14N.rnc. > > These schemas are expected to be referenced from driver schemas. They > do not allow algorithms that are not explicitly mentioned in the > recommendations. They do now allow any elements where xsd:any > appears. > > The second group contains schemas for mimicking xsd:any. They > are: > > allowAnyForeign.rnc, and > allowAnyForeign11.rnc. > > These schemas may be referenced from driver schemas although some > authors might want to create schemas dedicated to a collection of > non-standard algorithms. > > The third group contains driver schemas, which invoke schemas in the > the first and second groups. The drive schemas are: > > any-containing-xmldsig.rnc > any-containing-xmldsig11-properties-excusiveC14N.rnc > any-containing-xmldsig11-properties.rnc > any-containing-xmldsig11.rnc > > These driver schemas further specify which namespace is > considered foreign by defining "anyForeignElement". > > <xsd:any namespace="##any" .../> is mimicked by the > union of ds_anyDsElement and anyForeignElement, where > > ds_anyDsElement = > ds_Signature | ds_SignatureValue | ds_SignedInfo > | ds_CanonicalizationMethod | ds_SignatureMethod | ds_Reference > | ds_Transforms | ds_Transform | ds_DigestMethod | ds_DigestValue > | ds_KeyInfo | ds_KeyName | ds_MgmtData | ds_KeyValue > | ds_RetrievalMethod | ds_X509Data | ds_PGPData | ds_SPKIData > | ds_Object | ds_Manifest | ds_SignatureProperties > | ds_SignatureProperty | ds_DSAKeyValue | ds_RSAKeyValue > > I successfully validated the test documents against the driver > schemas. > group > > Hope this helps. > > Cheers, > Makoto<dsig.zip>
Received on Tuesday, 2 February 2010 13:07:38 UTC