
Re: RNG schema plans

From: MURATA Makoto (FAMILY Given) <eb2m-mrt@asahi-net.or.jp>
Date: Thu, 21 Jan 2010 08:12:20 +0900
To: "'XMLSec WG Public List'" <public-xmlsec@w3.org>
Cc: Murata <eb2m-mrt@asahi-net.or.jp>
Message-Id: <20100121081219.8010.B794FC04@asahi-net.or.jp>

> > But what are the known algorithms?  RSA-OAEP and RSA Version 1.5 only?
> > When permissible contents are clearly defined, I would like to capture
> > them in the RELAX NG schema.
> 
> The algorithms vary by context, I believe, not specifically in terms of that
> XML element, which is generic and used for different things in the spec.
> Those two are for key transport, for example, vs. others that are key
> wrapping, others for actual encryption, etc.

So, do some W3C specifications specify other algorithms that have 
particular values of the Algorithm attribute and particular content
models?


> > So, you can impose tight restrictions by using
> > xmldsig-core-schema.rnc only.
> 
> Nobody would be likely to do that. 

SC34/WG4 (OOXML) (convened by me) will use xmldsig-core-schema.rnc
without using allowAnyForeign.rnc.  I will try to make ODF use that only.

> If you're saying there's no equivalent of ##any, then I guess
> you're stuck enumerating everything in the schema.

##any or ##other with lax validation can only be mimicked by
explicitly enumerating what has to be validated.  (Note that 
any-containing-xmldsig11-properties.rnc allows property elements 
only as children of SignatureProperty elements.)

But you do not have to enumerate what has to be skipped; you can 
rely on wild cards such as 

anyForeignElement = element * - ds:* {
  mixed { anyAttribute*, anyForeignElement* } }


Cheers,
Makoto
Received on Wednesday, 20 January 2010 23:12:55 GMT
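
The anyForeignElement wildcard quoted in the message skips foreign content only as long as no ds:* element appears anywhere inside it. The following Python code is an added example, not part of the original message; it mirrors that pattern's matching rule, assuming ds: is bound to the XML Signature namespace and anyAttribute is defined as attribute * { text }. The function names and sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: the schema binds the ds: prefix to the XML Signature namespace.
DS_NS = "http://www.w3.org/2000/09/xmldsig#"

def namespace_of(tag):
    """Namespace URI of an ElementTree tag ('{uri}local' or plain 'local')."""
    return tag[1:].split("}", 1)[0] if tag.startswith("{") else ""

def _blocking(elem, prefix=""):
    """Paths of the ds:* elements that stop elem from matching anyForeignElement.

    The name class '* - ds:*' rejects elem itself if it is in the ds namespace;
    'anyForeignElement*' applies the same test to every child, so the search
    recurses. Text (mixed) and attributes (anyAttribute*, assumed to be
    'attribute * { text }') never cause a mismatch.
    """
    here = prefix + "/" + elem.tag.rsplit("}", 1)[-1]
    if namespace_of(elem.tag) == DS_NS:
        return [here]
    return [p for child in elem for p in _blocking(child, here)]

def blocking_ds_paths(xml_text):
    """Parse a document and list the ds:* elements that break the wildcard match."""
    return _blocking(ET.fromstring(xml_text))

def matches_any_foreign_element(xml_text):
    """True if the root element would be skipped by anyForeignElement."""
    return not blocking_ds_paths(xml_text)

# Constructed sample inputs (urn:example:ext is a made-up namespace).
FOREIGN_ONLY = ('<ext:Policy xmlns:ext="urn:example:ext" id="p1">note'
                '<ext:Rule level="2"/>tail</ext:Policy>')
DS_NESTED = ('<ext:Wrapper xmlns:ext="urn:example:ext" xmlns:ds="' + DS_NS + '">'
             '<ext:Inner><ds:Signature/></ext:Inner></ext:Wrapper>')
DS_ROOT = '<ds:KeyInfo xmlns:ds="' + DS_NS + '"/>'

if __name__ == "__main__":
    for name, doc in [("FOREIGN_ONLY", FOREIGN_ONLY), ("DS_NESTED", DS_NESTED),
                      ("DS_ROOT", DS_ROOT)]:
        print(name, matches_any_foreign_element(doc), blocking_ds_paths(doc))
```

A ds:Signature buried inside a foreign wrapper makes the whole wrapper fail the wildcard, so it cannot pass through unvalidated; it has to sit where the schema explicitly allows a ds element.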
