Latest Draft (Was: Some errors and typos in the latest XML-Signature draft, Part 1)

Gregor,

Thank you for your comments! They've been wrapped into the edits presently
at:
        http://www.w3.org/Signature/Drafts/WD-xmldsig-core-20000104/
this will be placed in the hopper tomorrow for TR/ietf-draft publication on
January 04 2000.

This new version includes complete schema and DTD declarations, as well as
stand alone versions. I'm sure the DTD is buggy, but the schema complies
with the latest spec, validates to their DTD, and renders in IE. It also
includes a few bits of red text I hope I can get some clarity from Don and
David on before end of tomorrow.

In January I hope to update my data model DLG and link that in as well.

Then the task is to validate actual Signature instances (against a DTD, XDR,
or schema) and generate real cryptographic values!

Editorial minutiae follow:

___
       

At 14:44 99/12/20 +0100, Gregor Karlinger wrote:
 >"This is an internal WG Draft that captures the move towards References ..."

Status has been updated.

 >Several different URIs are used for declaring the same namespace, namely
 >xmlns="http://www.w3.org/1999/12/xmldsig-core":
 >
 >"... SignatureProperties is identified and defined by this specifications namespace
 > http://www.w3.org/1999/12/dsig-core/SignatureProperties ..."

They've been updated and made consistent to:
        http://www.w3.org/2000/01/xmldsig/
(since we changed an element type).

 >Section "2.0 Signature Overview":
 >---------------------------------
 >
 >Typo: "...The formal specification is provided in the section-3: ..."
 >                                                  ^^^
 
This section provides an overview of XML digital signature syntax and
processing; the formal specification is in section-3: Core Signature Syntax. 

 >Section "2.1 The Signature Element":
 >------------------------------------
 >
 >"... Within an XML document, signatures are related to data objects via IDREFs ..."
 >
 >Signatures can also be related to data objects via URI and XPath transforms. Maybe
 >add this fact here.

But URIs are not used within the XML document. Still, that text has been
clarified in subsequent editing:

Within an XML document, signatures are related to data objects via IDREFs
[XML] and the data can be included within an enveloping signature or can
enclose an enveloped signature. Signatures are related to external data
objects via URIs [URI] and the signature and data object are said to be
detached. 

 >Section "2.2 The SignedInfo Element":
 >-------------------------------------
 >
 >"... We specify additional algorithms as Recommended or Optional and ..."
 >
 >Maybe capitalize "Recommended" and "Optional".

They are capitalized, you mean normal case? Changed to lower case.

 >Section "2.3 The Reference Element":
 >------------------------------------
 >
 >... 
 >        <SignedInfo> 
 >           (CanonicalizationMethod)? 
 >           (SignatureMethod) 
 >           <Reference (URI=|IDREF=)? Type=?> 
 >             (Transforms)? 
 >             (DigestMethod) 
 >             (DigestValue) 
 >           </Reference>+ 
 >        </SignedInfo> 
 >... 
 >
 >The expression "<Reference ... </Reference>" should be placed in brackets to
 >better indicate the operand of the "+" operator.

I placed it in parentheses.

 >Section "2.5 The SignatureProperties Element":
 >----------------------------------------------
 >
 >Typo: "... or the serial number or hardware used ..."
 >                                ^^
 >Section "3.1 The Signature element":

thanks.

 >------------------------------------
 >
 >"... Example: 
 >
 >        <!DOCTYPE Signature [ 
 >        <!ENTITY dsig 'http://www.w3.org/1999/12/signature-core'>]> 
 >        <Signature xmlns="http://www.w3.org/1999/12/xmldsig-core">  ..."
 >                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
               
 >
 >Same as with section 1.3.

Roger.

 >Section "3.3.3.1 The Transforms Element":
 >-----------------------------------------
 >
 >In this section there is no hint (neither in the textual description nor in the
 >Schema definition) that the "Transform" element could have mixed content. But
 >in section 5.6 the specification defines some character content for the "Transform"
 >element.
 >
 >To solve this contradiction, I suggest the following:
 >
 >* Keep the content model as-is (content='elementOnly')
 >
 >* Put the stuff defined in section 5.6 into a parameter element (for example the
 >  XPath language expression).

I want to get other WG members' feedback on this; I'll place it on the open
issues list.

At 14:44 99/12/20 +0100, Gregor Karlinger wrote:
 >There are no provisions for entity definition any more in XML-Schema. So the last
 >line has to be omitted. There are also some old definitions for the namespace URI,
 >which I have changed below.
 >
 >    <?xml version='1.0'?> 
 >    <!DOCTYPE schema 
 >    SYSTEM 'http://www.w3.org/TR/1999/WD-xmlschema-1-19991105/structures.dtd'
 >    [ 
 >    <!ENTITY dsig 'http://www.w3.org/1999/12/xmldsig-core'> 
 >    ]> 
 >    <schema targetNS='http://www.w3.org/1999/12/xmldsig-core' 
 >       version='0.1' 
 >       xmlns='http://www.w3.org/1999/XMLSchema'> 

Ok, I adopted the above except I use the proper DTD for the new schema spec.


 >----------------------------------------------------------------------------------------
 >Section "3.0 Core Signature Syntax":
 >----------------------------------------------------------------------------------------
 >New definition:
 >
 >    <element name='Signature'> 
 >      <type content='elementOnly'>
 >        <group order='seq' minOccurs='1' maxOccurs='1'> 
 >	  <element ref='SignedInfo' minOccurs='1' maxOccurs='1'/> 
 >	  <element ref='SignatureValue' minOccurs='1' maxOccurs='1'/> 
 >	  <element ref='KeyInfo' minOccurs='0' maxOccurs='1'/> 
 >	  <element ref='Object' minOccurs='0' maxOccurs='*'/> 
 >	</group>  
 >	<attribute name='Id' type='ID' minOccurs='0' maxOccurs='1'/> 
 >      </type> 
 >    </element> 
 
Ok.


 >----------------------------------------------------------------------------------------
 >Section "3.3 The SignedInfo Element":
 >----------------------------------------------------------------------------------------
 >New definition:
 >
 >    <element name='SignedInfo'> 
 >      <type content='elementOnly'>
 >        <group order='seq' minOccurs='1' maxOccurs='1'> 
 >	  <element ref='CanonicalizationMethod' minOccurs='0' maxOccurs='1'/> 
 >	  <element ref='SignatureMethod' minOccurs='1' maxOccurs='1'/> 
 >	  <element ref='Reference' minOccurs='1' maxOccurs='*'/> 
 >	</group>  
 >	<attribute name='Id' type='ID' minOccurs='0' maxOccurs='1'/> 
 >      </type> 
 >    </element> 

Ok.


 >----------------------------------------------------------------------------------------
 >Section "3.3.1 The CanonicalizationMethod Element":
 >----------------------------------------------------------------------------------------
 >New definition:
 >
 >    <element name='CanonicalizationMethod'> 
 >      <type content='elemOnly'>
 >	<element ref='Parameter' minOccurs='1' maxOccurs='1'/> 
 >	<attribute name='Algorithm' type='uri' minOccurs='1' maxOccurs='1'/> 
 >      </type> 
 >    </element> 

Ok.


 >----------------------------------------------------------------------------------------
 >Section "3.3.2 The SignatureMethod Element":
 >----------------------------------------------------------------------------------------
 >New definition:
 >
 >    <element name='SignatureMethod'> 
 >      <type content='elemOnly'> 
 >	<element ref='Parameter' minOccurs='0' maxOccurs='*'/> 
 >	<attribute name='Algorithm' type='uri' minOccurs='1' maxOccurs='1'/> 
 >      </type> 
 >    </element> 
 
Ok.


 >----------------------------------------------------------------------------------------
 >Section "3.3.3 The Reference Element":
 >----------------------------------------------------------------------------------------
 >New definition:
 >
 >    <element name='Reference'> 
 >      <type content='elementOnly'>
 >        <group order='seq' minOccurs='1' maxOccurs='1'> 
 >	  <element ref='Transforms' minOccurs='0' maxOccurs='1'/> 
 >	  <element ref='DigestMethod' minOccurs='1' maxOccurs='1'/> 
 >	  <element ref='DigestValue' minOccurs='1' maxOccurs='1'/> 
 >        </group>
 >	<attribute name='Id' type='ID' minOccurs='0' maxOccurs='1'/> 
 >	<attribute name='URI' type='uri' minOccurs='0' maxOccurs='1'/> 
 >	<attribute name='IDREF' type='IDREF' minOccurs='0' maxOccurs='1'/> 
 >	<attribute name='Type' type='uri' minOccurs='0' maxOccurs='1'/> 
 >      </type> 
 >    </element> 
 
Ok.


 >----------------------------------------------------------------------------------------
 >Section "3.3.3.1 The Transforms Element":
 >----------------------------------------------------------------------------------------
 >New definition:
 >
 >    <element name='Transforms' > 
 >      <type content='elementOnly'> 
 >	<element ref='Transform' minOccurs='1' maxOccurs='*'/> 
 >      </type> 
 >    </element> 
 >
 >    <element name='Transform'> 
 >      <type content='elementOnly'>
 >	<element ref='Parameter' minOccurs='0' maxOccurs='*'/> 
 >	<attribute name='Algorithm' type='string' minOccurs='1' maxOccurs='1'/> 
 >	<attribute name='Type' type='uri' minOccurs='0' maxOccurs='1'/> 
 >	<attribute name='Charset' type='string' minOccurs='0' maxOccurs='1'/> 
 >      </type> 
 >    </element> 

Ok.

 >Maybe consider to change the type of attribute 'Charset' to 'uri'.
 
Put on open issues list.



 >----------------------------------------------------------------------------------------
 >Section "3.3.3.2 The DigestMethod Element":
 >----------------------------------------------------------------------------------------
 >New definition:
 >
 >    <element name='DigestMethod'> 
 >      <type content='elemOnly'> 
 >	<element ref='Parameter' minOccurs='0' maxOccurs='*'/> 
 >	<attribute name='Algorithm' type='uri' minOccurs='1' maxOccurs='1'/> 
 >      </type> 
 >    </element> 
 
Ok.



 >----------------------------------------------------------------------------------------
 >Section "3.3.3.3 The DigestValue Element":
 >----------------------------------------------------------------------------------------
 >New definition:
 >
 >    <element name='DigestValue'> 
 >      <type source='string'> 
 >	<attribute name='Encoding' type='uri' default='&dsig;/Base64' 
 >	           minOccurs='0' maxOccurs='1'/> 
 >      </type> 
 >    </element> 
 
Ok.

At 10:37 99/12/21 +0100, Gregor Karlinger wrote:

 >----------------------------------------------------------------------------------------
 >Section "3.4 The KeyInfo Element":
 >----------------------------------------------------------------------------------------
 >New definition:
 >
 >    <element name='KeyInfo'> 
 >      <type content='elementOnly'>
 >        <group order='choice' minOccurs='1' maxOccurs='1'>       
 >	  <element name='KeyName' type='string'/> 
 >	  <element name='KeyValue' type='string'/> 
 >	  <element name='SubjectName' type='string'/> 
 >	  <element name='RetrievalMethod' type='string'/> 
 >	  <element ref='X509Data'/> 
 >	  <element ref='PGPData'/> 
 >	  <element name='MgmtData' type='string' minOccurs='0' maxOccurs='1'/>
 >	  <any/>
 >        </group>
 >	<attribute name='Id' type='ID' minOccurs='0' maxOccurs='1'/> 
 >      </type> 
 >    </element> 
 
Ok.

 >Note: Maybe consider group's attribute maxOccurs to be '*' instead of '1'
 
Put on editorial open issue.

 >New definition:
 >    <element name='X509IssuerSerial'> 
 >      <type content='elementOnly'> 
 >	<group order='seq' minOccurs='1' maxOccurs='1'> 
 >	  <element name='X509Name' type='string' minOccurs='1' maxOccurs='1'/> 
 >	  <element name='X509SerialNumber' type='string' minOccurs='1' maxOccurs='1'/> 
 >	</group>
 >      </type> 
 >    </element> 
 >        
 >    <element name='X509Data'> 
 >      <type content='elementOnly'> 
 >        <group order='seq' minOccurs='1' maxOccurs='1'> 
 >          <group order='choice' minOccurs='1' maxOccurs='1'> 
 >	    <element ref='X509IssuerSerial'/>
 >	    <element name='X509SKI' type='string'/> 
 >	    <element name='X509Name' type='string'/> 
 >	  </group>  
 >	  <element name='X509Certificate' type='string' minOccurs='0' maxOccurs='1'/> 
 >	  <element name='X509CRL' type='string' minOccurs='0' maxOccurs='1'/> 
 >        </group>
 >      </type> 
 >    </element> 

Ok.

 >New definition:
 >
 >    <element name='PGPData'> 
 >      <type content='elementOnly'> 
 >        <group order='seq' minOccurs='1' maxOccurs='1'>
 >	  <element name='PGPKeyID' type='string' minOccurs='1' maxOccurs='1'/> 
 >	  <element name='PGPKeyPacket' type='string' minOccurs='1' maxOccurs='1'/> 
 >	</group>  
 >      </type> 
 >    </element> 
 
Ok.

 >
 >Old definition:
 >
 >    <element name='MgmtData' type='string' minOccurs='0' maxOccurs='1'/> 
 >      </archetype> 
 >    </element> 
 >
 >New definition:
 >
 >    Obsolete.

Ok.



 >----------------------------------------------------------------------------------------
 >Section "3.5 The Object Element":
 >----------------------------------------------------------------------------------------
 >New definition:
 >
 >    <element name='Object' > 
 >      <type content='mixed'> 
 >	<attribute name='Id' type='ID' minOccurs='0' maxOccurs='1'/> 
 >	<attribute name='Type' type='uri' minOccurs='0' maxOccurs='1'/> 
 >	<attribute name='Encoding' type='uri' minOccurs='0' maxOccurs='1'/> 
 >      </type> 
 >    </element> 

Ok.


 >----------------------------------------------------------------------------------------
 >Section "3.6 The Parameter Element":
 >----------------------------------------------------------------------------------------
 >New definition:
 >
 >    <element name='Parameter'> 
 >      <type content='mixed'> 
 >	<attribute name='Encoding' type='uri' minOccurs='0' maxOccurs='1'/> 
 >      </archetype> 
 >    </element> 

Ok (but the closing element is type).



 >----------------------------------------------------------------------------------------
 >Section "4.1 The Manifest and Package Elements":
 >----------------------------------------------------------------------------------------
 >New definition:
 >
 >    <element name='Manifest'> 
 >      <type content='elementOnly'>
 >        <group order='seq' minOccurs='1' maxOccurs='1'>
 >	  <element ref='Reference' minOccurs='1' maxOccurs='*'/> 
 >	  <element ref='Object' minOccurs='0' maxOccurs='*'/> 
 >	</group>  
 >	<attribute name='Id' type='ID' minOccurs='0' maxOccurs='1'/> 
 >      </type> 
 >    </element> 
 
Ok.

 >New definition:
 >
 >    <element name='Package'> 
 >      <type content='elementOnly'>
 >        <group order='seq' minOccurs='1' maxOccurs='1'>
 >	  <element ref='Reference' minOccurs='1' maxOccurs='*'/> 
 >	  <element ref='Object' minOccurs='0' maxOccurs='*'/> 
 >	</group>  
 >	<attribute name='Id' type='ID' minOccurs='0' maxOccurs='1'/> 
 >      </type> 
 >    </element> 

Ok.


 >----------------------------------------------------------------------------------------
 >Section "4.2 The SignatureProperties Element":
 >----------------------------------------------------------------------------------------
 >
 >Old definition:
 >
 >    <element name='SignatureProperties' > 
 >      <archetype content='elemOnly' > 
 >	<element ref='SignatureProperty' minOccurs='1' maxOccurs='*'> 
 >	<attribute name='Id' type='id'/> 
 >      </archetype> 
 >    </element> 
 >
 >New definition:
 >
 >    <element name='SignatureProperties'> 
 >      <type content='elementOnly'> 
 >	<element ref='SignatureProperty' minOccurs='1' maxOccurs='*'/> 
 >	<attribute name='Id' type='ID' minOccurs='0' maxOccurs='1'/> 
 >      </type> 
 >    </element> 

Ok. 

 >New definition:
 >
 >    <element name='SignatureProperty'> 
 >      <type content='mixed'> 
 >	<attribute name='Target' type='IDREF' minOccurs='1' maxOccurs='1'/> 
 >      </type> 
 >    </element> 
 
Ok.

_________________________________________________________
Joseph Reagle Jr.   
Policy Analyst           mailto:reagle@w3.org
XML-Signature Co-Chair   http://www.w3.org/People/Reagle/

Received on Tuesday, 21 December 1999 18:30:37 UTC
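
Added example, not part of the original message or the working group's code: a structural check of a Signature instance against the Signature, SignedInfo and Reference content models quoted in the thread, which is the instance-validation step the message names as the next task. The sample documents, the placeholder algorithm URIs, and the reading of (URI=|IDREF=)? as "at most one of the two" are assumptions.

```python
import xml.etree.ElementTree as ET

NS = "http://www.w3.org/2000/01/xmldsig/"  # namespace URI quoted in the message

# (child, minOccurs, maxOccurs) in 'seq' order; None stands for maxOccurs='*'.
MODEL = {
    "Signature": [("SignedInfo", 1, 1), ("SignatureValue", 1, 1),
                  ("KeyInfo", 0, 1), ("Object", 0, None)],
    "SignedInfo": [("CanonicalizationMethod", 0, 1),
                   ("SignatureMethod", 1, 1), ("Reference", 1, None)],
    "Reference": [("Transforms", 0, 1), ("DigestMethod", 1, 1),
                  ("DigestValue", 1, 1)],
}

def check(elem, errors, path=""):
    """Match elem's children against its sequence group, recursing as it goes."""
    name = elem.tag.replace("{%s}" % NS, "")
    path = f"{path}/{name}"
    kids, i = list(elem), 0
    for child, lo, hi in MODEL.get(name, []):
        n = 0
        while (i < len(kids) and kids[i].tag == "{%s}%s" % (NS, child)
               and (hi is None or n < hi)):
            check(kids[i], errors, path)
            i, n = i + 1, n + 1
        if n < lo:
            errors.append(f"{path}: {child} missing (minOccurs={lo})")
    if name in MODEL:
        errors += [f"{path}: unexpected or misplaced {k.tag}" for k in kids[i:]]
    # Assumption: the overview's (URI=|IDREF=)? is read as "at most one of the two".
    if name == "Reference" and {"URI", "IDREF"} <= set(elem.attrib):
        errors.append(f"{path}: URI and IDREF both present")

def validate(xml_text):
    """Return a list of structural errors; an empty list means the shape is valid."""
    root = ET.fromstring(xml_text)  # use a hardened parser for untrusted input
    errors = []
    if root.tag != "{%s}Signature" % NS:
        errors.append(f"root is {root.tag}, expected Signature in {NS}")
    check(root, errors)
    return errors

# Constructed samples; algorithm URIs and values are placeholders.
_REF = '<Reference URI="http://example.org/doc"%s><DigestMethod Algorithm="urn:example:digest"/>%s</Reference>'
_DOC = '<Signature xmlns="' + NS + '"><SignedInfo><SignatureMethod Algorithm="urn:example:sig"/>%s</SignedInfo><SignatureValue>BBBB</SignatureValue></Signature>'
GOOD = _DOC % (_REF % ("", "<DigestValue>AAAA</DigestValue>"))
BAD = _DOC % (_REF % (' IDREF="obj1"', ""))
```

Running the check before any digest or signature computation rejects instances whose shape does not match the content model, so later processing never has to guess which SignedInfo or Reference it is looking at.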