
RE: RNG schema plans

From: Scott Cantor <cantor.2@osu.edu>
Date: Wed, 20 Jan 2010 10:02:15 -0500
To: "'MURATA Makoto \(FAMILY Given\)'" <eb2m-mrt@asahi-net.or.jp>, "'XMLSec WG Public List'" <public-xmlsec@w3.org>
Message-ID: <015501ca99e1$8d494100$a7dbc300$@2@osu.edu>

MURATA Makoto (FAMILY Given) wrote on 2010-01-20:
> So, are foreign elements allowed to precede or follow the XPath element?
> (My guess: No) Is the XPath element mandatory? (My guess: Yes) I have
> similar questions about permissible contents when the Algorithm attribute
> specifies other values.

Your guesses match what everybody I know has interpreted the spec to mean.
Has anybody else ever felt differently?

> Again, are preceding and following foreign elements disallowed? Apart
> from the RSA-OAEP algorithm, what is allowed? RSA Version 1.5 only?

Algorithms are extensible. You can determine what the content is for the
known algorithms, but not the unknown ones.

> 4.5 The Object Element of XML Signature does not clearly specify
> permissible children of the digital signature namespace.

I've never used Object, but my understanding is that it contains literally
anything. There's nothing special about the signature schema in that regard,
and you would never want to try to enumerate it.

> I guess
> that any of the SignatureValue, SignedInfo, CanonicalizationMethod,
> SignatureMethod, Reference, Transforms, Transform, DigestMethod,
> DigestValue, KeyInfo, KeyName, MgmtData, KeyValue, RetrievalMethod,
> X509Data, PGPData, SPKIData, Manifest, SignatureProperties,
> SignatureProperty, and DSAKeyValue elements are allowed.

And every other element in the world.

> xmldsig-core-schema.rnc explicitly enumerates all of them.

I certainly wouldn't do that.
-- Scott
Received on Wednesday, 20 January 2010 15:02:43 UTC
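
The content-model rule discussed in this message, as an added example that is not part of the original post or of the WG's schema: a known Algorithm (here the XPath transform) gets a strict check, an unknown Algorithm is left unconstrained, and ds:Object is treated as open content. The function names, the `urn:example:*` names and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XPATH_ALG = "http://www.w3.org/TR/1999/REC-xpath-19991116"
TRANSFORM, OBJECT, XPATH = (f"{{{DS}}}{n}" for n in ("Transform", "Object", "XPath"))

def _xpath_rule(children):
    # Reading agreed in the thread: ds:XPath is mandatory and no foreign
    # elements may precede or follow it.
    tags = [c.tag for c in children]
    if tags == [XPATH]:
        return []
    return [f"XPath transform must hold exactly one ds:XPath child, found {tags}"]

# Only algorithms whose content is known can be constrained.
KNOWN_TRANSFORMS = {XPATH_ALG: _xpath_rule}

def check_transform(transform):
    alg = transform.get("Algorithm")
    if alg is None:
        return ["Transform is missing the Algorithm attribute"]
    rule = KNOWN_TRANSFORMS.get(alg)
    # Algorithms are extensible: an unknown one may carry any content.
    return rule(list(transform)) if rule else []

def check_fragment(xml_text):
    problems = []
    def walk(elem):
        if elem.tag == OBJECT:
            return  # assumption: ds:Object is open content, so it is not inspected
        if elem.tag == TRANSFORM:
            problems.extend(check_transform(elem))
        for child in elem:
            walk(child)
    walk(ET.fromstring(xml_text))
    return problems

# Constructed sample: one valid XPath transform, one with a foreign sibling,
# one unknown algorithm, and a ds:Object holding arbitrary content.
SAMPLE = f"""<ds:Signature xmlns:ds="{DS}" xmlns:x="urn:example:foreign">
  <ds:Transforms>
    <ds:Transform Algorithm="{XPATH_ALG}"><ds:XPath>self::text()</ds:XPath></ds:Transform>
    <ds:Transform Algorithm="{XPATH_ALG}"><x:note/><ds:XPath>self::text()</ds:XPath></ds:Transform>
    <ds:Transform Algorithm="urn:example:unknown-alg"><x:anything/><x:more/></ds:Transform>
  </ds:Transforms>
  <ds:Object><x:blob><ds:Transform Algorithm="{XPATH_ALG}"/></x:blob></ds:Object>
</ds:Signature>"""

if __name__ == "__main__":
    for problem in check_fragment(SAMPLE):
        print(problem)
```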
