W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2001

<Q> Does a signature XML Document need to be a valid XML document ?

From: XML DSig <xmldsig@hotmail.com>
Date: Thu, 08 Mar 2001 21:38:33 +0530
To: w3c-ietf-xmldsig@w3.org
Message-ID: <F27X04yGiP5rrgJGERx00003057@hotmail.com>
Hi:

This is the sample detached signature XML document (edited)
generated using XSS4J library.

<?xml version='1.0' encoding='UTF-8'?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod 
Algorithm="http://www.w3.org/TR/2000/WD-xml-c14n-20000119"/>
    <SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
    ....
  </SignedInfo>
    <SignatureValue>
      clquuM7UNQ268b6HiHbzQdThdjmEy4rce38pUmTm415QNDM51eOZVw==
    </SignatureValue>
  <KeyInfo>
  ...
  </KeyInfo>
</Signature>

Observing it closely, I find that there is no reference to the
XML Schema or DTD in the signature XML document!

I also looked at the sample signature XML document referenced at
http://www.w3.org/TR/2000/CR-xmldsig-core-20001031/signature-example-rsa.xml 
. There ain't no Schema /DTD reference either!

In absence of the reference to the XML Schema / DTD there, it isn't
a valid XML document! What is the rationale here ?
Are we saying here that the intelligence of getting hold of the
XMLDSig Schema resides with the signature application ?

Additionally, I note in the case of enveloping signatures, the document
fragment between the root element is inserted within

<disg:Object ID="SomeID" xmlns="" 
xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
  <rootElement>
    ...
  </rootElement>
</dsig:Object>

Here again I have lost information about the schema location!

Now, if I was to present the signature XML document to the signature
application, then I need to provide the schema information separately.

To sum it all, my concern is the loss of Schema information in both
the cases that I mention.

I believe there must be something that the designer's of the XMLDSig
would have thought of which I have so far not grasped.

I will appreciate some inputs on this.

Thanks for your time.

best regards
XMLDSig Dev.

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Received on Thursday, 8 March 2001 11:09:09 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:12 GMT