Re: Comments on "XML-Signature Syntax and Processing" from muraw3c@attglobal.net on 2000-12-13 (w3c-ietf-xmldsig@w3.org from October to December 2000)

From: <muraw3c@attglobal.net>
Date: Wed, 13 Dec 2000 22:57:54 +0900 (JST)
To: w3c-ietf-xmldsig@w3.org
Cc: muraw3c@attglobal.net
Message-Id: <20001213225754S.muraw3c@attglobal.net>

Joseph,

Thanks for your reply.

> >2) Differences between the two versions
> 
> The first two are fairly close:
> 
> >- Permissible contents of MgmtData are very different.
> 
> <element name="MgmtData" type="string"/>
> 
> <!ELEMENT MgmtData (#PCDATA)>
>
> >- Permissible contents of KeyName are very different.
> 
> <element name="KeyName" type="string"/>
> 
> <!ELEMENT KeyName (#PCDATA) >

The body of the CR has the above dcl, but the DTD actually uses
%Key.ANY;.

<!ELEMENT MgmtData	%Key.ANY; >
<!ELEMENT KeyName	%Key.ANY; >

> The rest differ, with the schema definition being normative and the DTD 
> being structured such that we provide a few 'foo.ANY' entities to emulate 
> schema's <any/> that need to be modified by the application for it's context.

Thanks for your clarification.  I now understand the motivation.  But
I am still confused.

In my understanding, KeyValue have either DSAKeyValue, RSAKeyValue, or 
elements of foreign namespaces.

> >- Permissible contents of KeyValue are very different.
> 
> <element name="KeyValue" type="ds:KeyValueType"/>
>     <complexType name="KeyValueType" mixed="true">
>       <choice>
>         <any namespace="##other" processContents="lax" minOccurs="0"
>          maxOccurs="unbounded"/>
>         <element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
>         <element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
>       </choice>
>     </complexType>

But your DTD allows several element types of the very namespace 
"http://www.w3.org/2000/09/xmldsig#".  Is this really intended?

> <!ELEMENT KeyValue %Key.ANY; >
> <!ENTITY % Key.ANY '(#PCDATA|KeyName|KeyValue|RetrievalMethod| 
> X509Data|PGPData|MgmtData|DSAKeyValue|RSAKeyValue)*'>

> We could create an few more Key*.ANY entities (like a KeyValue.ANY) but 
> given applications (if they are using the DTD) will need to tweak these 
> anyway, unless someone advocated it, I wasn't going to make an issue of it.

I would rather write:

<!ENTITY % Key.ANY "(%ForeignKeyValue; DSAKeyValue|RSAKeyValue)*">
<!ENTITY % ForeignKeyValue "">

and allow users to redefine ForeignKeyValue.  For example:

<!ENTITY % ForeignKeyValue "foo:NewKeyValue | ">

> >- Permissible contents of SignatureProperty are very different.
> 
> Again:
>          <!ELEMENT SignatureProperty %SignatureProperty.ANY >
> is the best we've been able to come up with for emulating the schema <any/>, 
> this requires the application designer to tweak the %SignatureProperty.ANY 
> entity as approriate.
> 
> If you have any suggestions for improvements on this approach, please let us 
> know!

Hope this helps.  I think that use of placeholder parameter entities is 
a very standard technique for DTD authoring.


Cheers,


IBM Tokyo Research Lab &
International University of Japan, Research Institute

MURATA Makoto

Received on Wednesday, 13 December 2000 08:57:48 UTC