- From: Scott Cantor <cantor.2@osu.edu>
- Date: Wed, 20 Jan 2010 10:41:55 -0500
- To: "'MURATA Makoto \(FAMILY Given\)'" <eb2m-mrt@asahi-net.or.jp>, "'XMLSec WG Public List'" <public-xmlsec@w3.org>

MURATA Makoto (FAMILY Given) wrote on 2010-01-20:
>>> Again, are preceding and following foreign elements disallowed? Apart
>>> from the RSA-OAEP algorithm, what is allowed? RSA Version 1.5 only?
>>
>> Algorithms are extensible. You can determine what the content is for the
>> known algorithms, but not the unknown ones.
>
> But what are the known algorithms? RSA-OAEP and RSA Version 1.5 only?
> When permissible contents are clearly defined, I would like to capture
> them in the RELAX NG schema.

The algorithms vary by context, I believe, not specifically in terms of that XML element, which is generic and used for different things in the spec. Those two are for key transport, for example, vs. others that are key wrapping, others for actual encryption, etc.

> Actually, in RELAX NG, if you want to validate SignatureValue (rather
> than skipping it) in Object for example, you have to explicitly
> reference the pattern for SignatureValue.

Object doesn't normally contain a SignatureValue, it carries something you'd be signing.

>> And every other element in the world.
>
> Such foreign elements are allowed by
>
> ds_ObjectChild |= anyForeignElement
>
> in allowAnyForeign.rnc. So, you can impose tight restrictions by using
> xmldsig-core-schema.rnc only.

Nobody would be likely to do that. Object is a wrapper for arbitrary XML, not specifically for XML from this schema. That would be far less common, I would think.

If you're saying there's no equivalent of ##any, then I guess you're stuck enumerating everything in the schema.

-- Scott

Received on Wednesday, 20 January 2010 15:42:29 UTC