- From: Cantor, Scott <cantor.2@osu.edu>
- Date: Tue, 6 Sep 2011 13:11:47 +0000
- To: "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com>, "eb2m-mrt@asahi-net.or.jp" <eb2m-mrt@asahi-net.or.jp>
- CC: "public-xmlsec@w3.org" <public-xmlsec@w3.org>

On 9/6/11 8:52 AM, "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com> wrote:

>It seems to me that what Makoto is saying makes sense, by asking
>
>Is there a way to leverage schema validation tools so that if material
>from sig11 is referenced from within an enc11 instance we can obtain
>validation of the sig11 material from the tools?

That's an XML instance concern, not a matter for an importing (or in this case *non-importing*) schema. And no, there are no normative mechanisms. There are hints like schemaLocation which are insecure and have to be ignored by secure applications.

The actual mechanism is application specific, and generally relies on catalogs or some mechanism to bind the namespaces you find in a document to the schemas you want to support. The last thing you want for security reasons is to let the documents or schemas force you into anything.

>This question must have come up before and must have been resolved,
>perhaps by using import.

It turns out to be a major source of bugs that there isn't a standard mechanism that's also secure. But no, it's not done with imports.

>Apart from philosophy (I've read the rest of the thread), is there any
>practical reason not to do what Makoto is suggesting? (are we concerned
>with loading the unneeded schema definitions for some reason?)

I think it will create confusion to have an import that is unused in a schema (I feel essentially exactly the opposite about it). It will break applications that are for whatever reason using XML Encryption 1.1 syntax but not any XML Signature 1.1 syntax. But that isn't really my primary argument, which is why I listed basic correctness and appropriate use of import first.

-- Scott

Received on Tuesday, 6 September 2011 13:12:28 UTC
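
The catalog approach described in the message above, as an added example that is not part of the original e-mail or of any W3C code: the application binds each namespace found in an instance to a local schema copy it chose itself, records but never follows `xsi:schemaLocation`, and rejects namespaces it does not support. The local file paths, the sample document and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

XSI = "http://www.w3.org/2001/XMLSchema-instance"

# Application-owned catalog: namespace -> local schema copy (file paths are hypothetical).
CATALOG = {
    "http://www.w3.org/2001/04/xmlenc#": "schemas/xenc-schema.xsd",
    "http://www.w3.org/2009/xmlenc11#": "schemas/xenc-schema-11.xsd",
    "http://www.w3.org/2000/09/xmldsig#": "schemas/xmldsig-core-schema.xsd",
    "http://www.w3.org/2009/xmldsig11#": "schemas/xmldsig11-schema.xsd",
}

# Constructed, abbreviated instance: enc11 material referencing sig11 material,
# carrying a schemaLocation hint that the application must not follow.
SAMPLE = """<xenc:EncryptedData
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:dsig11="http://www.w3.org/2009/xmldsig11#"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.w3.org/2009/xmldsig11# http://untrusted.example/sig11.xsd">
  <ds:KeyInfo><xenc11:DerivedKey/><dsig11:ECKeyValue/></ds:KeyInfo>
</xenc:EncryptedData>"""

def namespaces_used(root):
    """Namespaces of every element and attribute actually present in the instance."""
    found = set()
    for el in root.iter():
        for name in (el.tag, *el.attrib):
            if name.startswith("{"):
                found.add(name[1:].partition("}")[0])
    found.discard(XSI)  # xsi:* attributes are hints, not content to validate
    return found

def resolve_schemas(xml_text):
    """Return (schemas to load from the catalog, location hints that were ignored)."""
    root = ET.fromstring(xml_text)
    hint_attrs = (f"{{{XSI}}}schemaLocation", f"{{{XSI}}}noNamespaceSchemaLocation")
    hints = [v for el in root.iter() for k, v in el.attrib.items() if k in hint_attrs]
    used = namespaces_used(root)
    unknown = used - set(CATALOG)
    if unknown:  # fail closed: the document cannot introduce a schema
        raise ValueError(f"namespace not in catalog: {sorted(unknown)}")
    return {ns: CATALOG[ns] for ns in used}, hints
```

The returned paths are what a validator would then be given, with the ignored hints available for logging.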