- From: MURATA Makoto (FAMILY Given) <eb2m-mrt@asahi-net.or.jp>
- Date: Tue, 02 Feb 2010 22:01:28 +0900
- To: XMLSec WG Public List <public-xmlsec@w3.org>
- Cc: Innovimax SARL <innovimax@gmail.com>, "adjb@adjb.net" <adjb@adjb.net>, Murata <eb2m-mrt@asahi-net.or.jp>
- Message-Id: <20100202220123.F0D9.B794FC04@asahi-net.or.jp>
Frederick,
Sorry for my belated reply.
> I also think it would be helpful if you could please provide schemas
> for XML Encryption 1.1 and Generic Hybrid Cipher before WG1 review as
> well. Then we may have a complete document.
I am afraid that I cannot finish them this week. So, is it ok to add
them in the second draft?
> It does not directly reference allowAny.rnc, allowAny11.rnc,
> allowAnyForeign.rnc allowAnyForeign11.rnc, any-containing-xmldsign.rnc
> or exclusiveC14N.rnc. I'm not sure if or how these should be mentioned
> in the document, so that is something to consider adding for a
> revision before WG1 review. For example, we might want a new section
> for Exclusive Canonicalization.
Attached please find a revised version. I tried to faithfully follow Scott's
advice.
There are three groups of schemas.
The first group contains core schemas, namely
xmldsig-core-schema.rnc,
xmldsig11-schema.rnc,
xmldsig-properties-schema.rnc, and
exclusiveC14N.rnc.
These schemas are expected to be referenced from driver schemas. They
do not allow algorithms that are not explicitly mentioned in the
recommendations. They do now allow any elements where xsd:any
appears.
The second group contains schemas for mimicking xsd:any. They
are:
allowAnyForeign.rnc, and
allowAnyForeign11.rnc.
These schemas may be referenced from driver schemas although some
authors might want to create schemas dedicated to a collection of
non-standard algorithms.
The third group contains driver schemas, which invoke schemas in the
first and second groups. The driver schemas are:
any-containing-xmldsig.rnc
any-containing-xmldsig11-properties-excusiveC14N.rnc
any-containing-xmldsig11-properties.rnc
any-containing-xmldsig11.rnc
These driver schemas further specify which namespace is
considered foreign by defining "anyForeignElement".
<xsd:any namespace="##any" .../> is mimicked by the
union of ds_anyDsElement and anyForeignElement, where
ds_anyDsElement =
    ds_Signature | ds_SignatureValue | ds_SignedInfo
  | ds_CanonicalizationMethod | ds_SignatureMethod | ds_Reference
  | ds_Transforms | ds_Transform | ds_DigestMethod | ds_DigestValue
  | ds_KeyInfo | ds_KeyName | ds_MgmtData | ds_KeyValue
  | ds_RetrievalMethod | ds_X509Data | ds_PGPData | ds_SPKIData
  | ds_Object | ds_Manifest | ds_SignatureProperties
  | ds_SignatureProperty | ds_DSAKeyValue | ds_RSAKeyValue
I successfully validated the test documents against the driver schemas.
Hope this helps.
Cheers,
Makoto
Attachments
- application/x-zip-compressed attachment: dsig.zip
Received on Tuesday, 2 February 2010 13:02:04 UTC
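
The union described in the message above (ds_anyDsElement | anyForeignElement standing in for xsd:any namespace="##any") can be illustrated with a small Python check over the children of ds:Object, which is one of the places where the XML Signature schema uses xsd:any. This is an added example, not part of the original message or of the attached schemas. It assumes that "foreign" means any namespace other than the XML Signature namespace (no namespace included), it inspects element names only and not their content, and the sample document and its ex: namespace are constructed.

```python
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Local names behind ds_anyDsElement, as listed in the message above.
DS_ELEMENTS = frozenset("""
    Signature SignatureValue SignedInfo CanonicalizationMethod SignatureMethod
    Reference Transforms Transform DigestMethod DigestValue KeyInfo KeyName
    MgmtData KeyValue RetrievalMethod X509Data PGPData SPKIData Object Manifest
    SignatureProperties SignatureProperty DSAKeyValue RSAKeyValue
""".split())

def split_qname(tag):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag

def classify(elem):
    """'ds' = listed DSig element, 'foreign' = other namespace,
    'rejected' = DSig namespace but not in the list (matches neither branch)."""
    ns, local = split_qname(elem.tag)
    if ns != DS_NS:          # assumption: every non-DSig namespace is foreign
        return "foreign"
    return "ds" if local in DS_ELEMENTS else "rejected"

def check_wildcard_children(xml_text, parent_local="Object"):
    """Classify each child of every ds:<parent_local> element in the document."""
    root = ET.fromstring(xml_text)
    verdicts = []
    for parent in root.iter("{%s}%s" % (DS_NS, parent_local)):
        for child in parent:
            verdicts.append((split_qname(child.tag)[1], classify(child)))
    return verdicts

# Constructed sample: one listed DSig element, one foreign element, and one
# element that claims the DSig namespace without being defined in it.
SAMPLE = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                          xmlns:ex="urn:example:constructed">
  <ds:Object>
    <ds:Manifest/>
    <ex:Timestamp>2010-02-02</ex:Timestamp>
    <ds:Extension/>
  </ds:Object>
</ds:Signature>"""

if __name__ == "__main__":
    for name, verdict in check_wildcard_children(SAMPLE):
        print(name, verdict)
```

Unlike a lax xsd:any, the union accepts an element in the XML Signature namespace only when it is one of the listed names, which is the case the constructed ds:Extension element exercises.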