W3C home > Mailing lists > Public > public-xmlsec@w3.org > January 2010

Re: RNG schema plans

From: MURATA Makoto (FAMILY Given) <eb2m-mrt@asahi-net.or.jp>
Date: Thu, 21 Jan 2010 00:28:15 +0900
To: "'XMLSec WG Public List'" <public-xmlsec@w3.org>
Cc: Murata <eb2m-mrt@asahi-net.or.jp>
Message-Id: <20100121002815.800B.B794FC04@asahi-net.or.jp>
> >  Again, are preceding and following foreign elements disallowed? Apart
> > from the RSA-OAEP algorithm, what is allowed?  RSA Version 1.5 only? 
> Algorithms are extensible. You can determine what the content is for the
> known algorithms, but not the unknown ones.

But what is the known algorithms?  RSA-OAEP and  RSA Version 1.5 only? 
When permissible contents are cleary defined, I would like to capture
them in the RELAX NG schema.

> > 4.5 The Object Element of XML Signature does not clearly specify
> > permissible children of the digital signature namespace.
> I've never used Object, but my understanding is that it contains literally
> anything. There's nothing special about the signature schema in that regard,
> and you would never want to try to enumerate it.

Actually, in RELAX NG, if you want to validate SignatureValue (rather than skipping
it) in Object for example, you have to explicitly reference  the pattern
for SignatureValue.

> > I guess
> > that any of the SignatureValue, SignedInfo, CanonicalizationMethod ,
> > SignatureMethod, Reference, Transforms, Transform , DigestMethod,
> > DigestValue, KeyInfo, KeyName, MgmtData , KeyValue, RetrievalMethod,
> > X509Data, PGPData, SPKIData , Manifest, SignatureProperties,
> > SignatureProperty, and DSAKeyValue elements are allowed .
> And every other element in the world.

Such foreign elements are allowed by 

  ds_ObjectChild |= anyForeignElement

in allowAnyForeign.rnc.  So, you can impose tight restrictions by using
xmldsig-core-schema.rnc only.

Received on Wednesday, 20 January 2010 15:28:52 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:55:13 UTC