- From: MURATA Makoto (FAMILY Given) <eb2m-mrt@asahi-net.or.jp>
- Date: Thu, 21 Jan 2010 08:12:20 +0900
- To: "'XMLSec WG Public List'" <public-xmlsec@w3.org>
- Cc: Murata <eb2m-mrt@asahi-net.or.jp>
> > But what are the known algorithms? RSA-OAEP and RSA Version 1.5 only?
> > When permissible contents are clearly defined, I would like to capture
> > them in the RELAX NG schema.
>
> The algorithms vary by context, I believe, not specifically in terms of that
> XML element, which is generic and used for different things in the spec.
> Those two are for key transport, for example, vs. others that are key
> wrapping, others for actual encryption, etc.
So, do some W3C specifications specify other algorithms that have
particular values of the Algorithm attribute and particular content
models?
> > So, you can impose tight restrictions by using
> > xmldsig-core-schema.rnc only.
>
> Nobody would be likely to do that.
SC34/WG4 (OOXML) (convened by me) will use xmldsig-core-schema.rnc
without using allowAnyForeign.rnc. I will try to make ODF use that only.
> If you're saying there's no equivalent of ##any, then I guess
> you're stuck enumerating everything in the schema.
##any or ##other with lax validation can only be mimicked by
explicitly enumerating what has to be validated. (Note that
any-containing-xmldsig11-properties.rnc allows property elements
only as children of SignatureProperty elements.)
But you do not have to enumerate what has to be skipped; you can
rely on wild cards such as
    anyForeignElement = element * - ds:* {
      mixed { anyAttribute*, anyForeignElement* } }
Cheers,
Makoto
Received on Wednesday, 20 January 2010 23:12:55 UTC
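
The pattern described in the message above, written out as a small RELAX NG compact schema. This is an added example, not part of the original message or of the W3C schema files; the `ex` namespace, the `ex:Timestamp` property and the pattern names `sigProperty` and `knownProperty` are hypothetical, and the `ds:SignatureProperty` content model is simplified. It goes one step beyond the message by also excluding the enumerated element from the wildcard, so that a malformed known property cannot be accepted as skipped content.

```rnc
# Constructed example: lax-style validation of ds:SignatureProperty children.
default namespace ds = "http://www.w3.org/2000/09/xmldsig#"
namespace ex = "http://example.org/props"   # hypothetical property namespace

start = sigProperty

# Simplified content model (assumption): a required Target attribute and
# one or more children, each either a known property or skipped content.
sigProperty =
  element ds:SignatureProperty {
    attribute Target { xsd:anyURI },
    (knownProperty | anyForeignElement)+
  }

# Enumerated: what has to be validated. A Timestamp whose content is not
# a valid xsd:dateTime makes the whole SignatureProperty invalid.
knownProperty =
  element ex:Timestamp { xsd:dateTime }

# Wildcard: what is skipped. Any element outside the ds namespace, with
# arbitrary attributes, text and foreign descendants. ex:Timestamp is
# subtracted at every depth so it can only match knownProperty, and ds:*
# is subtracted so signature elements never appear inside skipped content.
anyForeignElement =
  element * - (ds:* | ex:Timestamp) {
    mixed { anyAttribute*, anyForeignElement* }
  }

anyAttribute = attribute * { text }
```

Without the `ex:Timestamp` subtraction, an invalid `ex:Timestamp` would still match `anyForeignElement` and the schema would accept it.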