W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2001

Re: empty KeyInfo, etc.

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Wed, 07 Mar 2001 14:48:06 -0500
Message-Id: <4.3.2.7.2.20010307141150.02089010@rpcp.mit.edu>
To: merlin <merlin@baltimore.ie>
Cc: w3c-ietf-xmldsig@w3.org
Changes now reflected in (this now also includes tweaks that makes all 
complexTypes *and* elements global):
        http://www.w3.org/Signature/Drafts/xmldsig-core/Overview.html

At 10:19 3/5/2001 +0000, merlin wrote:
>4.4 KeyInfo
>
><complexType name="KeyInfoType" mixed="true">
>   <choice maxOccurs="unbounded">
>     <element name="KeyName" type="string"/>
>     ...
>     <any ... namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
>   </choice>
>   ...
></complexType>
>
>This permits an empty KeyInfo (if you have 0 elements from
>##other). It seems to me that if we took minOccurs=0 and
>maxOccurs=unb away from the any, then the unlimit on the
>choice would permit exactly what we want to express: 1 or
>more elements among our permitted types and those of others.

Correct. I originally structured them as I did to try to clearly express 
that one can have 0-or-more elements from 0-or-more namespaces. This is 
permitted by your proposal and my approach didn't end up being any more 
clear -- and might even lead to redundant/ambiguity problems. I've now 
changed it to:

    <complexType name="KeyInfoType" mixed="true">
      <choice maxOccurs="unbounded">
        ...
        <any processContents="lax" namespace="##other"/>
        <!-- (1,1) elements from (0,unbounded) namespaces -->


>Other issues:
>4.3.2 SignatureMethodType
>The minOccurs=0/maxOccurs=1 on the sequence are redundant.

Ok.

>4.3.3.4 TransformType
>
>The maxOccurs=unb on the choice is redundant or in error?
>It suggests that multiple XSLT or XPath elements are valid.

We probably shouldn't permit an XPath, then something external, then an 
XSLT, then something external. Each should be in their own Transform with 
their approriate Algorithm identifier:

   <element name="Transform" type="ds:TransformType"/>
   <complexType name="TransformType" mixed="true">
     <choice maxOccurs="unbounded">
       <any namespace="##other" processContents="lax"/>
       <!-- (1,1) elements from (0,unbounded) namespaces -->
       <element name="XSLT" type="string"/>
       <!-- must be an xsl:stylesheet element -->
       <element name="XPath" type="string"/>
     </choice>
     <attribute name="Algorithm" type="uriReference" use="required"/>
   </complexType>

>4.4.6 SPKIData
>
>The maxOccurs=unb on the outer sequence allows multiple
>SPKISexp elements, which I don't believe is the intention.
>I think instead the any should get that maxOccurs.

I'm not sure about this. Anyone else have thoughts on this?

>4.5/5.1 Object/Manifest
>
>ObjectType has sequence+[any], where ManifestType has
>sequence[any+]; I think the latter is more consistent with
>the rest of the doc.

Do you mean in the DTD? Are you saying the DTD definition should be:
   <!ELEMENT Object (#PCDATA|Signature|SignatureProperties|Manifest 
%Object.ANY;)+ >

>5.2 SignatureProperties
>
>SignatureProperType has choice*[any*]; one of the * is
>redundant.

Yes, I did this in the same philosophy that I spoke of earlier, but will 
remove it now:

<element name="SignatureProperty" type="ds:SignaturePropertyType"/>
<complexType name="SignaturePropertyType" mixed="true">
    <choice maxOccurs="unbounded">
      <any namespace="##other" processContents="lax"/>
      <!-- (1,1) elements from (1,unbounded) namespaces -->
    </choice>
    <attribute name="Target" type="uriReference" use="required"/>
    <attribute name="Id" type="ID" use="optional"/>
</complexType>


__
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Wednesday, 7 March 2001 14:48:59 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:12 GMT