- From: Pratik Datta <pratik.datta@oracle.com>
- Date: Tue, 1 Jun 2010 11:18:07 -0700 (PDT)
- To: Scott Cantor <cantor.2@osu.edu>, public-xmlsec@w3.org
Adding these warnings is fine. But changing the datatype in the schema may have some unintended consequences. In XML binding APIs, e.g. like JAXB which takes an XML schema and creates Java classes from it, changing the XML schema from int to string creates an incompatible change in the Java class.

So I would suggest that we do not modify the normative version of the schema, but we can make an unofficial errata-merged version available. New Dsig implementations can start with the modified version.

Pratik

-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu]
Sent: Tuesday, May 25, 2010 9:04 AM
To: public-xmlsec@w3.org
Subject: ACTION-543: Make proposals for the last two points noted in ISSUE-43 comments

The two open issues with the schema dating back to 1.x are:

- use of mixed="true"
- the mis-typing of X509IssuerSerial as a number instead of a string

My suggestions for 2.0 are as follows (based on March WD):

Unless we have a use case for mixed content in any of the places the schema currently specifies mixed="true" (just search for "mixed" in the WD), I suggest we add the following text to the end of section 4 (Core Signature Syntax):

-----
"Notwithstanding the presence of a mixed content model (via mixed="true" declarations) in the definitions of various elements that follow, use of mixed content in conjunction with any elements defined by this specification is NOT RECOMMENDED. When these elements are used in conjunction with "2.0 Mode" signatures, mixed content MUST NOT be used."
-----

For the X509IssuerSerial issue, I suggest revising the text in section 4.5.4 about this issue (last paragraph) and replacing it with:

-----
Deployments that expect to make use of the X509IssuerSerial element should be aware that many Certificate Authorities issue certificates with large, random serial numbers. XML Schema validators may not support integer types with decimal data exceeding 18 decimal digits [XML-schema]. Therefore such deployments should avoid schema-validating the X509IssuerSerial element, or make use of a local copy of the schema that adjusts the data type of the X509SerialNumber child element from "integer" to "string".
-----

-- Scott
Received on Tuesday, 1 June 2010 18:19:59 UTC
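
Added example, not part of the original messages or of any XML Signature implementation: a Python sketch of reading X509SerialNumber as a string, checking its lexical form in application code, and comparing it with arbitrary precision, which is what a deployment has to do once it stops schema-validating the element. The sample document, the function names and the hex serial are constructed for illustration, and accepting only unsigned decimal digits is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
MAX_PORTABLE_DIGITS = 18      # digit count quoted in the proposed 4.5.4 text
INT64_MAX = 2**63 - 1         # what a fixed-width 64-bit integer binding can hold

# Constructed sample: an 80-bit serial (2**80 - 1) written in decimal.
SAMPLE = f"""<X509IssuerSerial xmlns="{DSIG_NS}">
  <X509IssuerName>CN=Example CA,O=Example,C=US</X509IssuerName>
  <X509SerialNumber>1208925819614629174706175</X509SerialNumber>
</X509IssuerSerial>"""


def read_serial(xml_text):
    """Return (serial, portable); portable is False above 18 decimal digits."""
    # Use a hardened XML parser for untrusted input; stdlib is enough for the sample.
    root = ET.fromstring(xml_text)
    raw = (root.findtext(f"{{{DSIG_NS}}}X509SerialNumber") or "").strip()
    # With schema validation skipped, check the lexical form here instead.
    if not (raw.isascii() and raw.isdigit()):
        raise ValueError("X509SerialNumber is not an unsigned decimal integer")
    digits = raw.lstrip("0") or "0"
    return int(digits), len(digits) <= MAX_PORTABLE_DIGITS


def fits_int64(serial):
    """True if a signed 64-bit field could carry the value without loss."""
    return serial <= INT64_MAX


def serial_matches(xml_text, cert_serial_hex):
    """Compare against a certificate serial given in hex, as most tools print it."""
    serial, _ = read_serial(xml_text)
    return serial == int(cert_serial_hex, 16)


if __name__ == "__main__":
    serial, portable = read_serial(SAMPLE)
    print("serial:", serial)
    print("within 18 digits:", portable)
    print("fits 64-bit integer:", fits_int64(serial))
    print("matches certificate:", serial_matches(SAMPLE, "ff" * 10))
```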