W3C home > Mailing lists > Public > xml-encryption@w3.org > April 2001

Experiements with ds:KeyInfo Reuse

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Mon, 23 Apr 2001 12:10:53 -0400
Message-Id: <>
To: "XML Encryption WG " <xml-encryption@w3.org>

I've spent some more time playing with the schema and asking questions of 
Henry. I'm now confident that if we want to use or reuse ds:KeyInfo, my hope 
to co-exist with its ANY and also show how to do cooler extensibility via 
subsitutionGroup, or other stronger typing/extensibility isn't easy.

The problem is a "non-deterministic content model." For instance, if we say 
KeyRetrievalMethod is in the subsitution group of RetrievalMethod this means 
that (1)  KeyRetrievalMethod is a restriction/extension of the 
RetrievalMethod, when it appears in ds:KeyInfo, it should replace 
RetrievalMethod: they both shouldn't occur. This is very nice. 
Unfortunately, since there is an ANY in ds:KeyInfo, the validation doesn't 
know whether to match the KeyRetrievalMethod as a member of the 
subsitutionGroup or as the ANY, resulting in the "non-deterministic" problem.

(I'm using KeyRetrievalMethod as an example of a general extensibility 
issue, I'm not convinced that we actually need KeyRetrievalMethod, don't see 
many reasons we couldn't just use ds:RetrievalMethod to do the trick.)

Regardless, the only way to get around this would be to redefine the 
ds:KeyInfo and remove the ANY -- yes, schema permits someone to redefine the 
schema associated with a namespace in their own context. However, I'm not 
keen on this. And I don't think it's a good idea to try to remove the ANYs 
(and use more sophisticated extensions) from dsig at this point.

So we're stuck with "orphaned" elements that have to rely upon a comment to 
get some sense of where they belong:

<?xml version="1.0" encoding="UTF-8"?>
<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
	<EncryptionMethod Algorithm="foo"/>
	  <EncryptedKey xmlns="">
                 <KeyRetrievalMethod URI="http://someKey"

   <!-- Children of ds:KeyInfo -->

   <element name="EncryptedKey" type="enc:EncryptedKeyType"/>
   <complexType name="EncryptedKeyType">
       <extension base="enc:EncryptedType">
           <element ref="enc:ReferenceList" minOccurs="0"/>
         <attribute name="NameKey" type="string" use="optional"/>
         <attribute name="Recipient" type="string" use="optional"/>

    <element name="KeyRetrievalMethod" type="enc:KeyRetrievalMethodType" />
    <complexType name="KeyRetrievalMethodType">
        <restriction base="ds:RetrievalMethodType">
            <element name="Transforms" type="ds:TransformsType" 
          <attribute name="URI" type="anyURI"/>
          <attribute name="Type" type="anyURI" use="optional" 
fixed="http://www.w3.org/2001/04/xmlenc#EncryptedKey" />

   <!-- End Children of ds:KeyInfo -->

Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Monday, 23 April 2001 12:11:06 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:32:00 UTC