Re: XML Signature schema implementation from Tom Gindin on 2001-09-21 (w3c-ietf-xmldsig@w3.org from July to September 2001)

From: Tom Gindin <tgindin@us.ibm.com>
Date: Fri, 21 Sep 2001 18:34:44 -0400
To: "Peter Tornberg" <tberg@x-obi.com>
Cc: "xmldsig" <w3c-ietf-xmldsig@w3.org>
Message-ID: <OF078E4B24.B76056EE-ON85256ACE.007BCBFC@pok.ibm.com>
     By the way, all of the elements in this case except for X509SKI are
plausible candidates for reuse.  X509Certificate, X509CRL, and
X509SubjectName are all more likely to be reused in another spec than
X509IssuerSerial.

          Tom Gindin

"Peter Tornberg" <tberg@x-obi.com>@w3.org on 09/21/2001 04:13:56 AM

Sent by:  w3c-ietf-xmldsig-request@w3.org


To:   "xmldsig" <w3c-ietf-xmldsig@w3.org>
cc:
Subject:  Re: XML Signature schema implementation


Thanks for your response Joseph,

Here is what I think would be nice.

E.g. X509IssuerSerial is not global from the XML Dsig schema. This means
that if I ever want to use a X509IssuerSerial in any cryptographic schema I
will have to define my own instead of reusing an already existing. If my
own
schema is almost entirely cryptographic if would feel like reinventing the
wheel.

The schema could be rewritten for e.g. X509IssuerSerial:
<element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/> <!--
Global -->

<complexType name="X509DataType">
   <sequence maxOccurs="unbounded">
      <choice>
         <element ref="ds:X509IssuerSerial"/>
         <element name="X509SKI" type="base64Binary"/>
         <element name="X509SubjectName" type="string"/>
         <element name="X509Certificate" type="base64Binary"/>
         <element name="X509CRL" type="base64Binary"/>
         <any namespace="##other" processContents="lax"/>
      </choice>
   </sequence>
</complexType>

<complexType name="X509IssuerSerialType">
   <sequence>
      <element name="X509IssuerName" type="string"/>
      <element name="X509SerialNumber" type="integer"/>
   </sequence>
</complexType>

I suppose writing it like this may introduce a performance penalty for the
parser? Or is there any other reason from keeping these things from beeing
global?

Thanks!

/Peter



----- Original Message -----
From: "Joseph Reagle" <reagle@w3.org>
To: "Peter Tornberg" <tberg@x-obi.com>; "xmldsig" <w3c-ietf-xmldsig@w3.org>
Sent: Thursday, September 20, 2001 5:50 PM
Subject: Re: XML Signature schema implementation


> On Thursday 20 September 2001 03:21, Peter Tornberg wrote:
> > namespace. I.e. while creating new schemas I'm unable to do a
> > ref="ds:..." to a number of elements in the xmldsig schema. Instead I
> > have to create and name my own elements using name="..." type="ds:...".
>
> Could you be more specific? We did rewrite our schema to make both the
> major element and their types named and global items. [1] includes all of
> the global elements. A few of the key structures' children (like those of
> PGP or X509) are not provided globally because (1) we didn't have demand
to
> make *everything* global (it'd be ugly) and those children typically
share
> a contextual semantic (they are properties of the same thing).
> Consequently, it wouldn't make sense or mean the same thing, if somehow
> someone use them piece-meal or in a different context: they should use a
> different namespace. Of course, the could build that on top of our own by
> deriving it from our type.
>
>
> [1]
http://www.w3.org/Signature/Drafts/xmldsig-core/xmldsig-core-schema.xsd
> Global elements and types in XMLDSIG
> <element name="Signature" type="ds:SignatureType"/>
> <element name="SignatureValue" type="ds:SignatureValueType"/>
> <element name="SignedInfo" type="ds:SignedInfoType"/>
> <element name="CanonicalizationMethod"
> type="ds:CanonicalizationMethodType"/>
> <element name="SignatureMethod" type="ds:SignatureMethodType"/>
> <element name="Reference" type="ds:ReferenceType"/>
> <element name="Transforms" type="ds:TransformsType"/>
> <element name="Transform" type="ds:TransformType"/>
> <element name="DigestMethod" type="ds:DigestMethodType"/>
> <element name="DigestValue" type="ds:DigestValueType"/>
> <element name="KeyInfo" type="ds:KeyInfoType"/>
> <element name="KeyName" type="string"/>
> <element name="MgmtData" type="string"/>
> <element name="KeyValue" type="ds:KeyValueType"/>
> <element name="RetrievalMethod" type="ds:RetrievalMethodType"/>
> <element name="X509Data" type="ds:X509DataType"/>
> <element name="PGPData" type="ds:PGPDataType"/>
> <element name="SPKIData" type="ds:SPKIDataType"/>
> <element name="Object" type="ds:ObjectType"/>
> <element name="Manifest" type="ds:ManifestType"/>
> <element name="SignatureProperties" type="ds:SignaturePropertiesType"/>
> <element name="SignatureProperty" type="ds:SignaturePropertyType"/>
> <element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
> <element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
>
Received on Friday, 21 September 2001 18:36:20 UTC