- From: MURATA Makoto (FAMILY Given) <eb2m-mrt@asahi-net.or.jp>
- Date: Sun, 04 Sep 2011 15:37:30 +0900
- To: "Cantor, Scott" <cantor.2@osu.edu>, "public-xmlsec@w3.org" <public-xmlsec@w3.org>

> On 9/3/11 5:25 PM, "MURATA Makoto" <eb2m-mrt@asahi-net.or.jp> wrote:
>
> >Hmm. Although conformance to Encryption 1.1 requires conformance
> >(including validity) to Signature 1.1, validity against the Encryption 1.1
> >schema does not require validity against the Signature 1.1 schema.
> >At the very least, I think that this idiosyncrasy should be clearly
> >documented
> >in Encryption 1.1.
>
> I don't see it as anything unusual at all.
>
> -- Scott

I would argue that I'm a schema expert. I think it is very unusual
and has to be carefully explained.

It is true that not importing everything is not uncommon. For
example, some OOXML schemas (e.g., wml.xsd)
in W3C XML Schema do not import all other relevant schemas.
However, in this case, validators will report schema errors if some
schemas are not imported by driver schemas,
@schemaLocation, or invocation parameters to the validator.

Our case is different. What is particular is that validators will
report no schema errors even when the schema for Signature
1.1 is not imported and report no validation errors even if

  <ds:KeyInfo>
    <dsig11:ECKeyValue>
      <dsig11:bogus/>
    </dsig11:ECKeyValue>
  </ds:KeyInfo>

appear within the given document. Since Signature 1.1 is
normatively referenced, I think that this behaviour is
very strange and against the whole point of using schemas
for ensuring conformance as much as possible.

Cheers,
Makoto
Received on Sunday, 4 September 2011 06:37:47 UTC
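
Added example (not part of the original message and not code from the W3C specifications): a Python sketch of a pre-validation check for the gap described in the message above. It assumes the other-namespace children of ds:KeyInfo are admitted through a lax wildcard, so an element whose namespace has no loaded schema passes unassessed; the function names, the sample document and the set of loaded namespaces are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
DSIG11 = "http://www.w3.org/2009/xmldsig11#"

# Constructed sample: the fragment from the message inside an EncryptedData.
SAMPLE = f"""<xenc:EncryptedData xmlns:xenc="{XENC}" xmlns:ds="{DS}"
    xmlns:dsig11="{DSIG11}">
  <ds:KeyInfo>
    <dsig11:ECKeyValue>
      <dsig11:bogus/>
    </dsig11:ECKeyValue>
  </ds:KeyInfo>
  <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData>"""


def split_tag(tag):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag


def unassessed_elements(xml_text, loaded_namespaces):
    """Return (path, namespace) for each element no loaded schema can assess.

    Limitation: an element in a loaded namespace that lacks a global
    declaration is also skipped under lax processing; detecting that
    needs the schema itself, which this check does not read.
    """
    # Use a hardened parser (e.g. defusedxml) for untrusted input.
    root = ET.fromstring(xml_text)
    findings = []
    stack = [(root, "")]
    while stack:
        elem, parent_path = stack.pop()
        ns, local = split_tag(elem.tag)
        path = f"{parent_path}/{local}"
        if ns not in loaded_namespaces:
            findings.append((path, ns))
        # Push children reversed so they are visited in document order.
        stack.extend((child, path) for child in reversed(list(elem)))
    return findings


if __name__ == "__main__":
    for path, ns in unassessed_elements(SAMPLE, {XENC, DS}):
        print(f"not validated: {path} (no schema loaded for {ns})")
```

Running such a check before schema validation turns the silent pass into an explicit finding that the validator was invoked without a schema for a namespace the document uses.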