Re: RNG schema plans from MURATA Makoto (FAMILY Given) on 2010-01-20 (public-xmlsec@w3.org from January 2010)

From: MURATA Makoto (FAMILY Given) <eb2m-mrt@asahi-net.or.jp>
Date: Wed, 20 Jan 2010 21:27:46 +0900
To: "'XMLSec WG Public List'" <public-xmlsec@w3.org>
Cc: Murata <eb2m-mrt@asahi-net.or.jp>
Message-Id: <20100120212745.7FF7.B794FC04@asahi-net.or.jp>

> I'm asking what doesn't look clear, that was my question. What more does the
> prose say that's confusing?

Depending on the value of the Algorithm attribute, different contents
are expected.  The XML Signature specifications (both 1.0 and 1.1) 
provide some information about the interaction between the two.
I tried to capture this interaction in xmldsig-core-schema.rnc captures,
but I'm not 100% sure.  

For example, I wrote:

> When
> it is ...REC-xpath-19991116, an XPath element is allowed and nothing else 
> is allowed (again, this is my understanding of the spec). 

But XML Signature Syntax and Processing (Second Edition) simply says:

	The XPath expression to be evaluated appears as the character
	content of a transform parameter child element named XPath.

So, are foreign elements  allowed to precede or follow the XPath element?
(My guess:  No)  Is the XPath element mandatory?  (My guess: Yes) I have
similar questions about permissible contents when the Algorithm attribute 
specifies other values.

The same thing applies to XML Encryption 1.1.  The second para 
of 3.2 of XML Encryption 1.1 is as follows:

> The permitted child elements of the EncryptionMethod are determined by
> the specific value of the Algorithm attribute URI, and the KeySize child
> element is always permitted. For example, the RSA-OAEP algorithm
> (section 5.4.2) uses the ds:DigestMethod and OAEPparams elements. (We
> rely upon the ANY schema construct because it is not possible to specify
> element content based on the value of an attribute.)

Again, are preceding and following foreign elements disallowed?
Apart from the RSA-OAEP algorithm, what is allowed?  RSA Version 1.5
only?  (Again, are foreign child elements disallowed when
Algorithm="...#rsa-1_5"?)

4.5 The Object Element of XML Signature does not clearly specify
permissible children of the digital signature namespace.   I guess 
that any of the SignatureValue, SignedInfo, CanonicalizationMethod ,
SignatureMethod, Reference, Transforms, Transform , DigestMethod,
DigestValue, KeyInfo, KeyName, MgmtData , KeyValue, RetrievalMethod,
X509Data, PGPData, SPKIData , Manifest, SignatureProperties,
SignatureProperty, and DSAKeyValue elements are allowed . 
xmldsig-core-schema.rnc explicitly enumerates all of them.  
But I am not very sure.  (E.g., are SignatureProperty elements allowed
as children?)

Cheers,
Makoto

Received on Wednesday, 20 January 2010 12:28:21 UTC