- From: MURATA Makoto (FAMILY Given) <eb2m-mrt@asahi-net.or.jp>
- Date: Thu, 21 Jan 2010 08:12:20 +0900
- To: "'XMLSec WG Public List'" <public-xmlsec@w3.org>
- Cc: Murata <eb2m-mrt@asahi-net.or.jp>
> > But what are the known algorithms? RSA-OAEP and RSA Version 1.5 only?
> > When permissible contents are clearly defined, I would like to capture
> > them in the RELAX NG schema.
>
> The algorithms vary by context, I believe, not specifically in terms of that
> XML element, which is generic and used for different things in the spec.
> Those two are for key transport, for example, vs. others that are key
> wrapping, others for actual encryption, etc.

So, do some W3C specifications specify other algorithms that have particular values of the Algorithm attribute and particular content models?

> > So, you can impose tight restrictions by using
> > xmldsig-core-schema.rnc only.
>
> Nobody would be likely to do that.

SC34/WG4 (OOXML) (convened by me) will use xmldsig-core-schema.rnc without using allowAnyForeign.rnc. I will try to make ODF use that only.

> If you're saying there's no equivalent of ##any, then I guess
> you're stuck enumerating everything in the schema.

##any or ##other with lax validation can only be mimicked by explicitly enumerating what has to be validated. (Note that any-containing-xmldsig11-properties.rnc allows property elements only as children of SignatureProperty elements.) But you do not have to enumerate what has to be skipped; you can rely on wildcards such as

    anyForeignElement =
      element * - ds:* {
        mixed { anyAttribute*, anyForeignElement* }
      }

Cheers,
Makoto
Received on Wednesday, 20 January 2010 23:12:55 UTC
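
The enumerate-what-is-validated, wildcard-what-is-skipped approach described in the message, as an added RELAX NG compact sketch that is not part of the original post or of the WG's .rnc files. The `ex:` namespace, the `ex:Created` property and the `anyAttribute` definition are assumptions made for illustration.

```rnc
# Constructed sketch: mimicking lax validation of ##other content
# inside ds:SignatureProperty.
namespace ds = "http://www.w3.org/2000/09/xmldsig#"
namespace ex = "http://example.org/props"   # hypothetical property namespace

start = SignatureProperty

SignatureProperty =
  element ds:SignatureProperty {
    attribute Target { xsd:anyURI },
    attribute Id { xsd:ID }?,
    mixed { (Created | anyForeignElement)+ }
  }

# Enumerated: this property is validated whenever it appears.
Created = element ex:Created { xsd:dateTime }

# Skipped: any other element outside the ds: namespace.
# ex:Created is subtracted from the wildcard; if it were not, a
# malformed ex:Created would match this pattern instead and be accepted,
# because a choice is satisfied by either alternative.
# Side effect of the subtraction: ex:Created nested inside a skipped
# element is rejected rather than ignored.
anyForeignElement =
  element * - (ds:* | ex:Created) {
    mixed { anyAttribute*, anyForeignElement* }
  }

# Assumed definition of the attribute wildcard used in the message.
anyAttribute = attribute * { text }
```

Dropping `anyForeignElement` from the content of `ds:SignatureProperty` gives the tight form, in which only the enumerated properties are accepted.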