At 12:36 8/11/2000 -0400, Donald E. Eastlake 3rd wrote: >"Note that items (2), (4), and (5C) depend on specific schema, DTD, or >similar declarations. In the general case, such declarations will not >be available to or used by the signature verifier, particularly for >non-signature XML, which may be in othr namespaces, in the same >document as the signature. Thus, a signature will only be verifiable >by such a non-validating signature implementations if the following >syntax contraints are observed when generating any signed material >including the SignedInfo element: I took a stab at putting this in the context of laxly schema valid, are we in agreement? Note that items (2), (4), and (5C) depend on the presence of a schema, DTD or similar declarations. The Signature element type is laxly schema valid [XML-schema], consequently external XML or even XML within the same document as the signature may be (only) well formed or from another namespace (where permitted by the signature schema); the noted items may not be present. Thus, a signature with such content will only be verifiable by other signature applications if the following syntax contraints are observed when generating any signed material including the SignedInfo element: > 1. Attributes having default values are explicitly present. > 2. All entity references (except "amp", "lt", "gt", "apos", >"quot", and other character entities not representable in the encoding >chosen) are expanded and non-representable characters are replaced by >their numeric character reference. > 3. Attribute value white space is normalized." I believe 2 now satisfies Martin's original question. _________________________________________________________ Joseph Reagle Jr. W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/People/Reagle/Received on Friday, 11 August 2000 13:45:14 GMT
This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:10 GMT