XML Security RELAX NG Schemas

This Working Draft collects non-normative RELAX NG Schemas for XML Security specifications, including XML Signature 1.1, XML Encryption 1.1, XML Security Generic Hybrid Ciphers and XML Signature Properties. The normative description of the respective data formats are included in the Recommendation-track Working Drafts.

These schemas are drafts and subject to further revisions. This is a work in progress. This document is intended to evolve to include additional RELAX NG schemas.

The changes to this document since the last publication on 16 March 2010 are the following:

Removal of allowAny.rnc from Section 2, Included RNG Schema files.
Added top-level schema any-containing-encryption.rng in section 6, XML Encryption 1.1 RNG Schema.
Updated references.
Some editorial updates to the document. Editorial changes to the detailed schema files referenced from the document.

A diff-marked version (diff-marked version) of this specification that highlights changes against the previous version is available.

Introduction

The XML Security specifications include normative XML Schema [[XMLSCHEMA-1]], [[XMLSCHEMA-2]]. This note provides non-normative RELAX NG schemas in compact form [[RELAXNG-SCHEMA]].

These RELAX NG schemas are highly modularized. This modularization has two significant advantages. First, it is easy to create schemas dedicated to enveloped or enveloping signatures. Second, it is easy to create schemas for imposing tight constraints where <xsd:any> in the original XSD schemas does not impose such tight constraints.

However, this modularization increases the number of schema modules.

First, a wildcard schema is needed for each core schema (e.g., xmldsig-core-schema.rnc (xmldsig-core-schema.rng) and xenc-schema.rnc (xenc-schema.rng)). Wildcard schemas mimic <xsd:any> in core schemas. A wildcard can be further customized by a driver schema or it can be simply replaced by another schema when tight constraints have to be hardcoded.

Second, one top-level schema is needed for each combination of core schemas and the choice from the "enveloping" and "enveloped" options. In this note, we only provide top-level schemas for enveloped signatures or encryptions, but it is easy to create top-level schemas for enveloping signatures.

Included RNG Schema files

The following are RELAX NG schema files that are included in other files described in this document.

Define anyElement and anyAttribute: any.rnc (any.rng)
Exclusive Canonicalization Algorithms RNG Schema Definitions: exclusiveC14N.rnc (exclusiveC14N.rng)
RNG Schema to allow Exclusive Canonicalization algorithms.

XML Signature 1.0 RNG Schema

The following are RELAX NG schemas for XML Signature 1.0 [[XMLDSIG-CORE]].

XML Signature Core RELAX NG Schema Instance: xmldsig-core-schema.rnc (xmldsig-core-schema.rng); This is the schema corresponding to XML Signature 1.0, Second Edition.
RELAX NG XML Signature 1.0 Top-Level Schema: any-containing-xmldsig.rnc (any-containing-xmldsig.rng); Any correct use of XML Signature 1.0 schema is expected be valid against this top-level schema.
RELAX NG XML Signature 1.0 schema, allowing Exclusive Canonicalization: any-containing-xmldsig-exclusiveC14N.rnc (any-containing-xmldsig-exclusiveC14N.rng); Any correct use of XML Signature 1.0 schema is expected be valid against this top-level schema, including use of the Exclusive Canonicalization algorithm.
RELAX NG Schema corresponding to xsd:any: xmldsig-allowAnyForeign.rnc (xmldsig-allowAnyForeign.rng); This is used by the top-level schema to mimic xsd:any.

XML Signature 1.1 RNG Schema

The following are RELAX NG schemas for XML Signature 1.1 [[XMLDSIG-CORE1]].

XML Signature 1.1 RELAX NG Schema Instance: xmldsig11-schema.rnc (xmldsig11-schema.rng)
RELAX NG XML Signature 1.1 Top-Level Schema: any-containing-xmldsig11.rnc (any-containing-xmldsig11.rng); Any correct use of XML Signature 1.1 schema is expected be valid against this top-level schema.
RELAX NG Schema corresponding to xsd:any: xmldsig11-allowAnyForeign.rnc (xmldsig11-allowAnyForeign.rng); This is used by the top-level schema to mimic xsd:any.

XML Signature Properties RNG Schema

The following are RELAX NG schemas for XML Signature Properties [[XMLDSIG-PROPERTIES]].

Signature Properties RNG Schema Instance: xmldsig-properties-schema.rnc (xmldsig-properties-schema.rng)
Valid RNG Schema instance.
RELAX NG XML Signature 1.1 with Properties Top-Level Schema: any-containing-xmldsig11-properties.rnc (any-containing-xmldsig11-properties.rng); Any correct use of XML Signature 1.1 schema containing Signature Properties defined in this specification is expected be valid against this top-level schema.
RELAX NG XML Signature 1.1 with Properties Top-Level Schema, allowing Exclusive Canonicalization: any-containing-xmldsig11-properties-exclusiveC14N.rnc (any-containing-xmldsig11-properties-exclusiveC14N.rng); Any correct use of XML Signature 1.1 schema containing Signature Properties defined in this specification is expected be valid against this top-level schema, including use of Exclusive Canonicalization algorithm.

XML Encryption 1.0 RNG Schema

The following is a RELAX NG schema for XML Encryption 1.0 [[XMLENC-CORE]].

XML Encryption 1.0 RELAX NG Schema Instance: xenc-schema.rnc (xenc-schema.rng); This is the schema corresponding to XML Encryption 1.0.
RELAX NG XML Encryption 1.0 Top-Level Schema: any-containing-encryption.rnc (any-containing-encryption.rng); Any correct use of XML Encryption schema is expected be valid against this top-level schema.
RELAX NG Schema corresponding to xsd:any: xenc-allowAnyForeign.rnc (xenc-allowAnyForeign.rng); This is used by the top-level schema to mimic xsd:any.

XML Encryption 1.1 RNG Schema

The following are RELAX NG schemas for XML Encryption 1.1 [[XMLENC-CORE1]].

XML Encryption 1.1 RELAX NG Schema Instance: xenc-schema-11.rnc (xenc-schema-11.rng)
RELAX NG XML Encryption 1.1 Top-Level Schema: any-containing-encryption11.rnc (any-containing-encryption11.rng); Any correct use of XML Encryption 1.1 schema is expected be valid against this top-level schema.
RELAX NG Schema corresponding to xsd:any: xenc11-allowAnyForeign.rnc (xenc11-allowAnyForeign.rng)

XML Security Generic Hybrid Ciphers RNG Schema

The following are RELAX NG schemas for XML Security Generic Hybrid Ciphers [[XMLSEC-GHCIPHERS]].

XML Security Generic Hybrid Ciphers RELAX NG Schema Instance: xmlsec-gh-schema.rnc (xmlsec-gh-schema.rng)
RELAX NG XML Security Generic Hybrid Ciphers Top-Level Schema: any-containing-encryption11-gh.rnc (any-containing-encryption11-gh.rng); Any correct use of XML Security Generic Hybrid Ciphers is expected be valid against this top-level schema.
RELAX NG Schema corresponding to xsd:any: xmlsec-gh-allowAnyForeign.rnc (xmlsec-gh-allowAnyForeign.rng)