- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Wed, 27 Aug 2008 14:53:16 -0400
- To: XMLSec WG Public List <public-xmlsec@w3.org>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>
In our call on 19 August we discussed issues related to schema validation in conjunction with signing and encryption [1].

The fundamental issue is that signing (and encryption) can modify an XML document, by either adding ds:Signature element(s) to the document or xenc:EncryptedData elements (in which case other elements originally in the document may also "disappear").

Dealing with the simpler case of signatures, authors of XML Schema can anticipate the addition of XML Signature elements either by defining optional ds:Signature elements in the schema, or by using XML Schema wildcards to enable extension of the schema. If this is not done, then addition of one or more XML Signature elements to the document will cause XML Schema validation to fail (though the document will remain well-formed).

One possible solution that has been mentioned is to layer signature processing and schema validation, and thus only XML Schema validate after signatures have been processed (and removed). This can be problematical in a workflow where multiple signatures are added to a document, for example a signature and then a countersignature, where the counter-signing application considers the entire document to include the first signature. In this case removing the first signature is counter to the semantics and intent of the application.

Thus it may be appropriate to either request all schema authors to adopt a best practice of anticipating one or more signatures and/or encryption, or to attempt to address this in the core XML Schema specification - in other words, treat security as a fundamental aspect of schema in general.

regards, Frederick

Frederick Hirsch
Nokia

[1] http://www.w3.org/2008/08/19-xmlsec-minutes.html#item04

This should close ACTION-44
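As an added illustration of the two schema-design options discussed above (this is constructed example material, not part of Frederick's message or any W3C deliverable), here is a schema for a hypothetical purchase-order document in two forms, followed by a signed instance. Schema A declares no place for a signature, so the signed instance fails validation against it; Schema B admits one or more signatures through a namespace wildcard restricted to the XML Signature namespace. The element names, the target namespace `urn:example:po`, and the digest and signature values are assumptions for the example; the ds namespace and algorithm URIs are the real ones from XML Signature.

```xml
<!-- Schema A (constructed): no room for a signature. A signed instance fails
     validation because ds:Signature is not declared in the content model. -->
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
           targetNamespace="urn:example:po" xmlns:po="urn:example:po"
           elementFormDefault="qualified">
  <xs:element name="PurchaseOrder">
    <xs:complexType>
      <xs:sequence>
        <xs:element name="Item" type="xs:string"/>
        <xs:element name="Quantity" type="xs:positiveInteger"/>
      </xs:sequence>
      <xs:attribute name="Id" type="xs:ID"/>
    </xs:complexType>
  </xs:element>
</xs:schema>

<!-- Schema B (constructed): anticipates one or more signatures with a wildcard
     limited to the XML Signature namespace. maxOccurs="unbounded" also admits a
     countersignature added later. processContents="lax" means the validator
     checks the ds:Signature content only if it has the xmldsig schema loaded. -->
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
           targetNamespace="urn:example:po" xmlns:po="urn:example:po"
           elementFormDefault="qualified">
  <xs:element name="PurchaseOrder">
    <xs:complexType>
      <xs:sequence>
        <xs:element name="Item" type="xs:string"/>
        <xs:element name="Quantity" type="xs:positiveInteger"/>
        <xs:any namespace="http://www.w3.org/2000/09/xmldsig#"
                processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
      <xs:attribute name="Id" type="xs:ID"/>
    </xs:complexType>
  </xs:element>
</xs:schema>

<!-- Signed instance (constructed; DigestValue and SignatureValue are
     placeholders, not real values). The enveloped signature references the
     document root by its Id, and the enveloped-signature transform removes
     the ds:Signature element itself from the digested content. -->
<po:PurchaseOrder xmlns:po="urn:example:po" Id="po1">
  <po:Item>Widget</po:Item>
  <po:Quantity>3</po:Quantity>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod
          Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <ds:SignatureMethod
          Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference URI="#po1">
        <ds:Transforms>
          <ds:Transform
              Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue>PLACEHOLDER-DIGEST</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER-SIGNATURE</ds:SignatureValue>
  </ds:Signature>
</po:PurchaseOrder>
```

Validating the signed instance against Schema B succeeds with or without the signature present, and a second ds:Signature appended by a countersigner also validates, so the "validate after stripping signatures" layering is not needed for this document. The wildcard is deliberately scoped to the xmldsig namespace rather than `##any`, so the schema stays strict about everything other than signatures; a schema that must also survive encryption would add a similar wildcard for the xenc namespace at each point where an element may be replaced by xenc:EncryptedData.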
Received on Wednesday, 27 August 2008 18:54:30 UTC