W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 2001

Re: X509 Schema Tweaks (Was: XML Signature schema implementation)

From: Peter Tornberg <tberg@x-obi.com>
Date: Fri, 28 Sep 2001 08:45:22 +0200
Message-ID: <025001c147e9$26314600$0b00a8c0@hydra>
To: <reagle@w3.org>, "Tom Gindin" <tgindin@us.ibm.com>, "xmldsig" <w3c-ietf-xmldsig@w3.org>

To me the suggested solution looks like a good one. Still we could go even
further and declare everything as global, such as X509IssuerName etc.

"However, it is rather ugly", I don't think so, it's only practical.


----- Original Message -----
From: "Joseph Reagle" <reagle@w3.org>
To: "Tom Gindin" <tgindin@us.ibm.com>; "Peter Tornberg" <tberg@x-obi.com>
Cc: "xmldsig" <w3c-ietf-xmldsig@w3.org>; <bal@microsoft.com>
Sent: Thursday, September 27, 2001 11:18 PM
Subject: X509 Schema Tweaks (Was: XML Signature schema implementation)

> On Friday 21 September 2001 06:34 pm, Tom Gindin wrote:
> >      By the way, all of the elements in this case except for X509SKI are
> > plausible candidates for reuse.  X509Certificate, X509CRL, and
> > X509SubjectName are all more likely to be reused in another spec than
> > X509IssuerSerial.
> In that case, I think the tweaked schema would need to look like [1]. This
> wouldn't affect parser or schema validation performance I don't think. It
> does permit  people to borrow our natural language specification of how
> these things are encoded and such. However, it is rather ugly, if someone
> wants to re-use it, they could redefine/import them in a new namespace,
> it divorces these element types from their context/meaning as properties
> a single X509Data structure.
> These are all minor points, but given our late stage in the game, I'd like
> to hear more voices in support of this change...
> [1]  Tweaked X509DataType
> <complexType name="X509DataType">
> <sequence maxOccurs="unbounded">
> <choice>
> <element ref="ds:X509IssuerSerial"/>
> <element ref="ds:X509SKI"/>
> <element ref="ds:X509SubjectName"/>
> <element ref="ds:X509Certificate"/>
> <element ref="ds:X509CRL"/>
> <any namespace="##other" processContents="lax"/>
> </choice>
> </sequence>
> </complexType>
> <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
> <element name="X509SKI" type="base64Binary"/>
> <element name="X509SubjectName" type="string"/>
> <element name="X509Certificate" type="base64Binary"/>
> <element name="X509CRL" type="base64Binary"/>
> <complexType name="X509IssuerSerialType">
> <sequence>
> <element name="X509IssuerName" type="string"/>
> <element name="X509SerialNumber" type="integer"/>
> </sequence>
> </complexType>
Received on Friday, 28 September 2001 02:49:42 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:36 UTC