- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Fri, 07 Jul 2000 23:13:59 -0400
- To: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
- Cc: <duerst@w3.org>, <ht@cogsci.ed.ac.uk>, <dbeech@us.oracle.com>, <murray@muzmo.com>, <Noah_Mendelsohn@lotus.com>
Given we expect numerous XML 1.0 valdidity constraints [1] to be enforced
for Signatures to even be processed properly, I think we should call a spade
a spade and say a validating parser is required. What that means is up the
implementator depending on the Signature applications, toolkits, etc., that
they use: they could use a well-formed processor and build the relevant
constraints relevant to Signature the DTD themselves, or use a generic
validating parser; that's an implementation issue. I don't think it makes
sense for us to say in the spec "well-formed" and profile XML 1.0 validity
constraints.
My question is how many schema validity constraints [2] are there in
addition to [1] if you don't actually use many feature beyond [1]. (We are
using basic content models and ANY, and a single user defined type, that's
about it ...) Is our use of Schema truly "normative"?
[1] Extensible Markup Language (XML) 1.0
http://www.w3.org/TR/REC-xml#vc-roottype
http://www.w3.org/TR/REC-xml#elementvalid
http://www.w3.org/TR/REC-xml#EDUnique
http://www.w3.org/TR/REC-xml#id
...
[2] http://www.w3.org/TR/xmlschema-1/#conformance-details
Forwarded Text ----
Date: Thu, 06 Jul 2000 13:09:20 -0400
To: Ken Goldman <kgold@watson.ibm.com>
From: "Joseph M. Reagle Jr." <reagle@w3.org>
Cc: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
In-Reply-To: <200007061652.MAA34032@alpha.watson.ibm.com>
Subject: Re: Valid XML and Schema Normative?
Status:
At 12:52 2000-07-06 -0400, Ken Goldman wrote:
>Could you give an XML snippet of this, showing the issue?
Assuming that the following well formed XML instance reference
and signature validates, is the following example a valid
Signature? (It violates the specified content model).
I'm slightly confusing the syntactical violation with a clear violation
of semantics ("disclaimer") just to show why this might be important,
but [x01-03] could be any name space qualified and wellformed XML.
[s01] <Signature Id="MyFirstSignature"
xmlns="http://www.w3.org/2000/02/xmldsig#">
[s02] <SignedInfo>
[x01] <disclaimer xmlns="http://badactor.com/2000/v3">
[x02] <declaration>this signature is invalid on
tuesdays</declaration>
[x03] </disclaimer>
[s03] <CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2000/WD-xml-c14n-20000119"/>
[s04] <SignatureMethod
Algorithm="http://www.w3.org/2000/02/xmldsig#dsa-sha1"/>
[s05] <Reference URI="http://www.w3.org/TR/2000/REC-xhtml1-20000126/">
[s06] <Transforms>
[s07] <Transform
Algorithm="http://www.w3.org/TR/2000/WD-xml-c14n-20000119"/>
[s08] </Transforms>
[s09] <DigestMethod
Algorithm="http://www.w3.org/2000/02/xmldsig#sha1"/>
[s10] <DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</DigestValue>
[s11] </Reference>
[s12] </SignedInfo>
[s13] <SignatureValue>MC0CFFrVLtRlk=...</SignatureValue>
[s14] <KeyInfo>
[s15a] <KeyValue>
[s15b] <DSAKeyValue>
[s15c] <P>...</P><Q>...</Q><G>...</G><Y>...</Y>
[s15d] </DSAKeyValue>
[s15e] </KeyValue>
[s16] </KeyInfo>
[s17] </Signature>
_________________________________________________________
Joseph Reagle Jr.
W3C Policy Analyst mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair http://www.w3.org/People/Reagle/
End Forwarded Text ----
_________________________________________________________
Joseph Reagle Jr.
W3C Policy Analyst mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair http://www.w3.org/People/Reagle/
Received on Friday, 7 July 2000 23:16:11 UTC