RE: RNG schema plans

MURATA Makoto (FAMILY Given) wrote on 2010-01-20:
>>>  Again, are preceding and following foreign elements disallowed? Apart
>>> from the RSA-OAEP algorithm, what is allowed?  RSA Version 1.5 only?
>> 
>> Algorithms are extensible. You can determine what the content is for the
>> known algorithms, but not the unknown ones.
> 
> But what are the known algorithms?  RSA-OAEP and RSA Version 1.5 only?
> When permissible contents are clearly defined, I would like to capture
> them in the RELAX NG schema.

The algorithms vary by context, I believe, not specifically in terms of that
XML element, which is generic and used for different things in the spec.
Those two are for key transport, for example, vs. others that are key
wrapping, others for actual encryption, etc.

> Actually, in RELAX NG, if you want to validate SignatureValue (rather
> than skipping it) in Object for example, you have to explicitly
> reference the pattern for SignatureValue.

Object doesn't normally contain a SignatureValue, it carries something you'd
be signing.

>> And every other element in the world.
> 
> Such foreign elements are allowed by
> 
>   ds_ObjectChild |= anyForeignElement
> 
> in allowAnyForeign.rnc.  So, you can impose tight restrictions by using
> xmldsig-core-schema.rnc only.

Nobody would be likely to do that. Object is a wrapper for arbitrary XML,
not specifically for XML from this schema. That would be far less common, I
would think. If you're saying there's no equivalent of ##any, then I guess
you're stuck enumerating everything in the schema.

-- Scott

Received on Wednesday, 20 January 2010 15:42:29 UTC