- From: MURATA Makoto (FAMILY Given) <eb2m-mrt@asahi-net.or.jp>
- Date: Wed, 23 Sep 2009 09:02:19 +0900
- To: "Scott Cantor" <cantor.2@osu.edu>
- Cc: "'XMLSec WG Public List'" <public-xmlsec@w3.org>, Murata <eb2m-mrt@asahi-net.or.jp>
Scott, Thank you for your reply. I appreciate it very much. I agree that the RELAX NG schema has to exactly capture what is allowed in the current XML Signature spec. However, since sometimes the XSD schema and prose in the spec are slightly different, I do not always understand the intention. Specifically, I have questions as below: When @Algorithm in a Transform element has the value "http://www.w3.org/2000/09/xmldsig#base64", can this element have a child element? 6.2.2 says: "The base64 Transform element has no content", which appears to disallow foreign elements as well as textual content. Can the first child of a SPKIData foreign element? One sentence in 4.4.6, namely "SPKISexp can be complemented/extended by siblings from an external namespace within SPKIData", appears to allow such a foreign eldest child, but the schema does not. When @Altorithm of a DigestMethod element has the value "http://www.w3.org/2000/09/xmldsig#sha1", can this element have a child element? 6.2.1 says: "The SHA-1 algorithm [SHA-1] takes no explicit parameters.", but it is not clear whether or not foreign elements are allowed. When @Algorithm of a SignatureMethod element has the value "http://www.w3.org/2000/09/xmldsig#dsa-sha1", can this element have elements other than a single HMACOutputLength element? Cheers, Makoto
Received on Wednesday, 23 September 2009 00:03:12 UTC