W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 1999

RE: Revised syntax proposal

From: Richard D. Brown <rdbrown@Globeset.com>
Date: Mon, 16 Aug 1999 12:27:21 -0500
To: "'David Solo'" <david.solo@citicorp.com>, <w3c-ietf-xmldsig@w3.org>
Message-ID: <017c01bee80c$9b3f2190$0bc0010a@artemis.globeset.com>
Dave,

Comments follow...

> Richard Wrote:
> >
> > Not really. Adoption of a similar model requires the
> definition of an
> > intermediary element for algorithm parameters (counter-part of
> > attribute-data).
> >
> > <!ELEMENT signedAttributes (attributeData)+>
> > <!ELEMENT attributeData ANY>
> > <!ATTLIST attributeData
> >      type CDATA #REQUIRED
> > >
> >
> > <!ELEMENT c14nAlg (algParameter)*>
> > <!ATTLIST c14nAlg
> >     xml:link CDATA #FIXED 'simple'
> >     href     CDATA #REQUIRED
> > >
> > <!ELEMENT algParameter ANY>
> > <!ATTLIST algParameter
> >     type  CDATA #REQUIRED
> > >
>
> Dave Replied:
>
> This syntax looks fine to me.  If there's no objection (other than
> looking for consensus on whether href is the right way to point to
> things), we can use it for all the alg types.
>

Fine, if we agree on a common model for attribute and algorithm. However, I
think that we can do without the second level that only provides for typing
of the element value. Unless, attribute values and algorithm parameters make
use of common data types (Date, Integer, String...), the tagname of the
attribute or parameter could serve the same purpose.

EXAMPLE WHERE THERE IS NO BENEFIT
---------------------------------

<dsig:signedAttributes>
  <dsig:attributeData type='http://w3.org/xmldsig/signing_time'>
    <dsig:signingTime>1999-08-16T12:14:06.031-0500</dsig:signingTime>
  </dsig:attributeData>
</dsig:signedAttributes>

In this example, dsig:signingTime and the type attribute on the
attributeData element are redundant.

EXAMPLE WHERE THERE IS NO BENEFIT
---------------------------------

<dsig:signedAttributes>
  <dsig:attributeData type='http://w3.org/xmldsig/signing_time'>
    <dcd:date>1999-08-16T12:14:06.031-0500</dcd:date>
  </dsig:attributeData>
</dsig:signedAttributes>

Notice that this example makes use of a "dcd:date", assuming that dcd is
associated to a generic DTD for common data types.

EXAMPLE WHITHOUT INTERMEDIARY LEVEL
-----------------------------------

<dsig:signedAttributes>
  <dsig:signingTime>1999-08-16T12:14:06.031-0500</dsig:signingTime>
</dsig:signedAttributes>

The attribute type is provided implicitly by the tag name of the element
(e.g. dsig:signingTime). Unless there is (or will be) a DTD for common data
types, this is the syntax that I prefer.

> > >
> > > Richard D. Brown Wrote:
> > >
> > > 10.1- I suggest that you provide an encoding attribute.
> > > Also, we could have share the same definition between content,
> > > sigValue, digestValue...
> > >
> > > David Solo Responded:
> > >
> > > Why do you think we need flexibility in encoding?  I had
> hoped that we
> > > could define a single encoding for all our top level items.
> > >
> >   Richard Wrote:
> >
> > Agreed that we can limit encoding to base64. But we still have to
> > distinguish between encoded and non-encoded content.
>
> David Replied:
>
> Where do you think this is an issue (if it refers to the
> signed object,
> then I think the encoding info belongs in the definition of the
> encapsulated type, not in signature)?
>
The issue is mostly for the content element that is used to package the
object value within the signature block. You probably have to distinguish
between an embedded XML element (no-encoding) and a base64 encoded binary
object.

Sincerely,

Richard D. Brown
Received on Monday, 16 August 1999 13:27:13 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:07 GMT