RE: ACTION-543: Make proposals for the last two points noted in ISSUE-43 comments

Adding these warnings is fine.
But changing the datatype in the schema may have some unintended consequences. In XML binding APIs, e.g. JAXB, which takes an XML schema and creates Java classes from it, changing the XML schema from int to string creates an incompatible change in the Java class. So I would suggest that we do not modify the normative version of the schema, but we can make an unofficial errata-merged version available. New Dsig implementations can start with the modified version.

Pratik



-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu] 
Sent: Tuesday, May 25, 2010 9:04 AM
To: public-xmlsec@w3.org
Subject: ACTION-543: Make proposals for the last two points noted in ISSUE-43 comments

The two open issues with the schema dating back to 1.x are:

- use of mixed="true"

- the mis-typing of X509IssuerSerial as a number instead of a string

My suggestions for 2.0 are as follows (based on March WD):

Unless we have a use case for mixed content in any of the places the schema
currently specifies mixed="true" (just search for "mixed" in the WD), I
suggest we add the following text to the end of section 4 (Core Signature
Syntax):
-----
"Notwithstanding the presence of a mixed content model (via mixed="true"
declarations) in the definitions of various elements that follow, use of
mixed content in conjunction with any elements defined by this specification
is NOT RECOMMENDED.

When these elements are used in conjunction with "2.0 Mode" signatures,
mixed content MUST NOT be used."
-----

For the X509IssuerSerial issue, I suggest revising the text in section 4.5.4
about this issue (last paragraph) and replacing it with:
-----
Deployments that expect to make use of the X509IssuerSerial element should
be aware that many Certificate Authorities issue certificates with large,
random serial numbers. XML Schema validators may not support integer types
with decimal data exceeding 18 decimal digits [XML-schema]. Therefore such
deployments should avoid schema-validating the X509IssuerSerial element, or
make use of a local copy of the schema that adjusts the data type of the
X509SerialNumber child element from "integer" to "string".
-----

-- Scott
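The X509IssuerSerial point above is easy to check concretely. The following is an added example, not code from the thread, from the XML Signature specification or from any DSig implementation: it takes a certificate serial number in the hex form OpenSSL prints, builds the ds:X509IssuerSerial element with the serial in its xs:integer lexical form, and flags serials whose decimal representation exceeds the 18 digits that XML Schema Part 2 requires a minimally conforming validator to support (longer values being implementation-defined). The issuer name, the two sample serials and the 18-digit threshold constant are constructed or assumed for illustration; the function names are the example's own.

```python
import re
import xml.etree.ElementTree as ET

# Namespace of XML Signature (ds:) elements; X509IssuerSerial is defined here.
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DS_NS)

# XML Schema Part 2 only obliges a minimally conforming processor to handle
# decimal (and therefore integer) values of at least 18 digits; support for
# longer values is implementation-defined. That is the portability problem
# with typing X509SerialNumber as xs:integer.
MIN_CONFORMING_DIGITS = 18

# Constructed sample inputs (not taken from any real certificate). The first
# is a small sequential-style serial; the second mimics a CA that issues long
# random serials, written the way `openssl x509 -serial` prints them.
SMALL_SERIAL_HEX = "0A:1B:2C"
RANDOM_SERIAL_HEX = "e3:5a:13:8c:2b:77:91:d0:44:f2:19:6a:c5:3b:8e:71"


def serial_from_hex(hex_serial: str) -> int:
    """Parse an OpenSSL-style hex serial ('0A:1B:2C' or '0a1b2c') into an int."""
    digits = re.sub(r"[^0-9a-fA-F]", "", hex_serial)
    if not digits:
        raise ValueError("serial has no hex digits")
    return int(digits, 16)


def decimal_digit_count(serial: int) -> int:
    """Number of decimal digits in the xs:integer lexical form of the serial."""
    return len(str(abs(serial)))


def exceeds_portable_integer_range(serial: int) -> bool:
    """True when a minimally conforming XML Schema validator may reject the value."""
    return decimal_digit_count(serial) > MIN_CONFORMING_DIGITS


def build_issuer_serial(issuer_name: str, serial: int) -> ET.Element:
    """Build <ds:X509IssuerSerial> with the serial in canonical decimal form."""
    if serial < 0:
        # RFC 5280 requires certificate serial numbers to be positive integers.
        raise ValueError("X.509 serial numbers must be positive")
    root = ET.Element(f"{{{DS_NS}}}X509IssuerSerial")
    ET.SubElement(root, f"{{{DS_NS}}}X509IssuerName").text = issuer_name
    ET.SubElement(root, f"{{{DS_NS}}}X509SerialNumber").text = str(serial)
    return root


def serial_number_text(element: ET.Element) -> str:
    """Read the X509SerialNumber text back from a built or parsed element."""
    child = element.find(f"{{{DS_NS}}}X509SerialNumber")
    if child is None or child.text is None:
        raise ValueError("missing X509SerialNumber")
    return child.text


def report(issuer_name: str, hex_serial: str) -> dict:
    """Summarise whether an issuer/serial pair is safe to schema-validate as-is."""
    serial = serial_from_hex(hex_serial)
    element = build_issuer_serial(issuer_name, serial)
    return {
        "xml": ET.tostring(element, encoding="unicode"),
        "digits": decimal_digit_count(serial),
        # True means: skip validation or use a local schema with type "string".
        "needs_string_type": exceeds_portable_integer_range(serial),
    }


if __name__ == "__main__":
    for hex_serial in (SMALL_SERIAL_HEX, RANDOM_SERIAL_HEX):
        r = report("CN=Example CA,O=Example", hex_serial)
        print(r["xml"])
        verdict = "exceeds" if r["needs_string_type"] else "is within"
        print(f"  {r['digits']} decimal digits; {verdict} the "
              f"{MIN_CONFORMING_DIGITS}-digit minimum a validator must support")
    # A serial carrying 64 random bits can need up to 20 decimal digits, so
    # such serials routinely exceed the 18-digit minimum.
    print("max 64-bit serial digits:", decimal_digit_count(2**64 - 1))
```

The `needs_string_type` flag is the operational version of the proposed text: where it is true, a deployment should either not schema-validate X509IssuerSerial or validate against a local copy of the schema in which X509SerialNumber is typed as "string". Note that even a serial built from just 64 random bits can reach 20 decimal digits, so the problem is not confined to unusually large serials.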

Received on Tuesday, 1 June 2010 18:19:59 UTC