Re: Comments on "XML-Signature Syntax and Processing" from Joseph M. Reagle Jr. on 2000-12-12 (w3c-ietf-xmldsig@w3.org from October to December 2000)

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Tue, 12 Dec 2000 12:44:50 -0500
To: muraw3c@attglobal.net
Cc: w3c-ietf-xmldsig@w3.org
Message-Id: <4.3.2.7.2.20001212122900.029c3b68@rpcp.mit.edu>

At 20:28 12/11/2000 +0900, muraw3c@attglobal.net wrote:
>I compared xmldsig-core-schema.xsd and xmldsig-core-schema.dtd referenced
>from the latest version of XML Digital Signature.

Hi Makoto, thank you for your comments, responses follow:

>1) Syntax error
>
>To my surprise, there is a syntax error in the DTD.
>
><!ELEMENT SignatureProperty %SignatureProperty.ANY >
>
>should read
>
><!ELEMENT SignatureProperty %SignatureProperty.ANY; >

This was recently noted and corrected [1] (and XMetal logged the bug that 
failed to notice this in their DTD validator):

[1] http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2000OctDec/0215.html

>2) Differences between the two versions

The first two are fairly close:

>- Permissible contents of MgmtData are very different.

<element name="MgmtData" type="string"/>

<!ELEMENT MgmtData (#PCDATA)>

>- Permissible contents of KeyName are very different.

<element name="KeyName" type="string"/>

<!ELEMENT KeyName (#PCDATA) >

The rest differ, with the schema definition being normative and the DTD 
being structured such that we provide a few 'foo.ANY' entities to emulate 
schema's <any/> that need to be modified by the application for it's context.

>- Permissible contents of KeyValue are very different.

<element name="KeyValue" type="ds:KeyValueType"/>
    <complexType name="KeyValueType" mixed="true">
      <choice>
        <any namespace="##other" processContents="lax" minOccurs="0"
         maxOccurs="unbounded"/>
        <element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
        <element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
      </choice>
    </complexType>

<!ELEMENT KeyValue %Key.ANY; >
<!ENTITY % Key.ANY '(#PCDATA|KeyName|KeyValue|RetrievalMethod| 
X509Data|PGPData|MgmtData|DSAKeyValue|RSAKeyValue)*'>

We could create an few more Key*.ANY entities (like a KeyValue.ANY) but 
given applications (if they are using the DTD) will need to tweak these 
anyway, unless someone advocated it, I wasn't going to make an issue of it.

>- Permissible contents of SignatureProperty are very different.

Again:
         <!ELEMENT SignatureProperty %SignatureProperty.ANY >
is the best we've been able to come up with for emulating the schema <any/>, 
this requires the application designer to tweak the %SignatureProperty.ANY 
entity as approriate.

If you have any suggestions for improvements on this approach, please let us 
know!

__
Joseph Reagle Jr.
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/

Received on Tuesday, 12 December 2000 12:45:14 UTC