- From: Scott Cantor <cantor.2@osu.edu>
- Date: Mon, 21 Jul 2008 17:08:51 -0400
- To: "'Frederick Hirsch'" <frederick.hirsch@nokia.com>, <public-xmlsec@w3.org>
> Advances in XML Schema 1.1 may make it possible to generically enable > XML documents to be XML Schema validated, even after the addition of > an XML Signature, and even without pre-defining a slot in the > document schema specifically for XML Signature. This could enable > additional XML Signature adoption by removing an issue related to XML > validation after signing. > > This might be done using ubiquitous wildcarding [1]. I only scanned it quickly, but I didn't see anything all that new in that section that suggested any material impact on the ability to validate a signature without having allowed for it. If your schema happens to have wildcards, then sure, you can use a Signature in such a spot. But in practice, I think documents that didn't "plan" to be signed tend to be signed using enveloping signatures rather than trying to artificially embed one inside the document. Given the general sentiment against runtime validation of documents in many applications, the more complex problem isn't maintaining schema validity after signing, but rather accomplishing signature verification *without* validation (i.e. the ID attribute problem, default attributes, etc). -- Scott
Received on Monday, 21 July 2008 21:22:00 UTC