RE: RNG schema plans

From: Scott Cantor <cantor.2@osu.edu>
Date: Wed, 20 Jan 2010 10:41:55 -0500
To: "'MURATA Makoto \(FAMILY Given\)'" <eb2m-mrt@asahi-net.or.jp>, "'XMLSec WG Public List'" <public-xmlsec@w3.org>
Message-ID: <015f01ca99e7$1815afd0$48410f70$@2@osu.edu>

MURATA Makoto (FAMILY Given) wrote on 2010-01-20:
>>>  Again, are preceding and following foreign elements disallowed? Apart
>>> from the RSA-OAEP algorithm, what is allowed?  RSA Version 1.5 only?
>> Algorithms are extensible. You can determine what the content is for the
>> known algorithms, but not the unknown ones.
> But what are the known algorithms? RSA-OAEP and RSA Version 1.5 only?
> When permissible contents are clearly defined, I would like to capture
> them in the RELAX NG schema.

The algorithms vary by context, I believe, not specifically in terms of that
XML element, which is generic and used for different things in the spec.
Those two are for key transport, for example, vs. others that are key
wrapping, others for actual encryption, etc.

> Actually, in RELAX NG, if you want to validate SignatureValue (rather
> than skipping it) in Object for example, you have to explicitly
> reference  the pattern for SignatureValue.

Object doesn't normally contain a SignatureValue, it carries something you'd
be signing.

>> And every other element in the world.
> Such foreign elements are allowed by
>   ds_ObjectChild |= anyForeignElement
> in allowAnyForeign.rnc.  So, you can impose tight restrictions by using
> xmldsig-core-schema.rnc only.

Nobody would be likely to do that. Object is a wrapper for arbitrary XML,
not specifically for XML from this schema. That would be far less common, I
would think. If you're saying there's no equivalent of ##any, then I guess
you're stuck enumerating everything in the schema.

-- Scott
Received on Wednesday, 20 January 2010 15:42:29 UTC