- From: Scott Cantor <cantor.2@osu.edu>
- Date: Tue, 25 May 2010 12:04:00 -0400
- To: <public-xmlsec@w3.org>

The two open issues with the schema dating back to 1.x are:

- use of mixed="true"
- the mis-typing of X509IssuerSerial as a number instead of a string

My suggestions for 2.0 are as follows (based on March WD):

Unless we have a use case for mixed content in any of the places the schema currently specifies mixed="true" (just search for "mixed" in the WD), I suggest we add the following text to the end of section 4 (Core Signature Syntax):

-----
"Notwithstanding the presence of a mixed content model (via mixed="true" declarations) in the definitions of various elements that follow, use of mixed content in conjunction with any elements defined by this specification is NOT RECOMMENDED. When these elements are used in conjunction with "2.0 Mode" signatures, mixed content MUST NOT be used."
-----

For the X509IssuerSerial issue, I suggest revising the text in section 4.5.4 about this issue (last paragraph) and replacing it with:

-----
Deployments that expect to make use of the X509IssuerSerial element should be aware that many Certificate Authorities issue certificates with large, random serial numbers. XML Schema validators may not support integer types with decimal data exceeding 18 decimal digits [XML-schema]. Therefore such deployments should avoid schema-validating the X509IssuerSerial element, or make use of a local copy of the schema that adjusts the data type of the X509SerialNumber child element from "integer" to "string".
-----

-- Scott

Received on Tuesday, 25 May 2010 16:04:35 UTC
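
The following is an added example, not part of the original message or of the specification. It is a pre-processing check that a deployment could run instead of schema-validating these elements: it reports mixed content in XML Signature elements and X509SerialNumber values longer than the 18 decimal digits mentioned above, handling the serial as a string throughout. The sample document, the function names and the finding labels are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
MAX_DIGITS = 18  # digit limit cited in the message above

# Constructed sample: stray text inside X509Data and a 25-digit serial number.
SAMPLE = f"""<ds:X509Data xmlns:ds="{DS}">
  stray text
  <ds:X509IssuerSerial>
    <ds:X509IssuerName>CN=Example CA,O=Example,C=US</ds:X509IssuerName>
    <ds:X509SerialNumber>1208925819614629174706175</ds:X509SerialNumber>
  </ds:X509IssuerSerial>
</ds:X509Data>"""


def has_mixed_content(elem):
    """True when an element with child elements also carries non-whitespace text."""
    if len(elem) == 0:
        return False
    if (elem.text or "").strip():
        return True
    return any((child.tail or "").strip() for child in elem)


def check_keyinfo(xml_text):
    """Return (finding, detail) tuples for an XML Signature fragment."""
    root = ET.fromstring(xml_text)
    findings = []
    for elem in root.iter():
        if elem.tag.startswith("{" + DS + "}") and has_mixed_content(elem):
            findings.append(("mixed-content", elem.tag.split("}", 1)[1]))
    for serial in root.iter("{" + DS + "}X509SerialNumber"):
        text = (serial.text or "").strip()
        # Keep the serial as a string; only count its digits.
        digits = text[1:] if text[:1] in ("+", "-") else text
        if not (digits.isascii() and digits.isdigit()):
            findings.append(("serial-not-an-integer", text))
        elif len(digits.lstrip("0")) > MAX_DIGITS:
            findings.append(("serial-exceeds-18-digits", text))
    return findings


if __name__ == "__main__":
    for finding in check_keyinfo(SAMPLE):
        print(finding)
```
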