Re: XML Signature schema implementation

     By the way, all of the elements in this case except for X509SKI are
plausible candidates for reuse.  X509Certificate, X509CRL, and
X509SubjectName are all more likely to be reused in another spec than

          Tom Gindin

"Peter Tornberg" <> on 09/21/2001 04:13:56 AM

Sent by:

To:   "xmldsig" <>
Subject:  Re: XML Signature schema implementation

Thanks for your response Joseph,

Here is what I think would be nice.

E.g. X509IssuerSerial is not global from the XML Dsig schema. This means
that if I ever want to use a X509IssuerSerial in any cryptographic schema I
will have to define my own instead of reusing an already existing. If my
schema is almost entirely cryptographic it would feel like reinventing the

The schema could be rewritten for e.g. X509IssuerSerial:
<element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/> <!-- Global -->

<complexType name="X509DataType">
   <sequence maxOccurs="unbounded">
         <element ref="ds:X509IssuerSerial"/>
         <element name="X509SKI" type="base64Binary"/>
         <element name="X509SubjectName" type="string"/>
         <element name="X509Certificate" type="base64Binary"/>
         <element name="X509CRL" type="base64Binary"/>
         <any namespace="##other" processContents="lax"/>
   </sequence>
</complexType>

<complexType name="X509IssuerSerialType">
   <sequence>
      <element name="X509IssuerName" type="string"/>
      <element name="X509SerialNumber" type="integer"/>
   </sequence>
</complexType>

I suppose writing it like this may introduce a performance penalty for the
parser? Or is there any other reason for keeping these things from being



----- Original Message -----
From: "Joseph Reagle" <>
To: "Peter Tornberg" <>; "xmldsig" <>
Sent: Thursday, September 20, 2001 5:50 PM
Subject: Re: XML Signature schema implementation

> On Thursday 20 September 2001 03:21, Peter Tornberg wrote:
> > namespace. I.e. while creating new schemas I'm unable to do a
> > ref="ds:..." to a number of elements in the xmldsig schema. Instead I
> > have to create and name my own elements using name="..." type="ds:...".
> Could you be more specific? We did rewrite our schema to make both the
> major element and their types named and global items. [1] includes all of
> the global elements. A few of the key structures' children (like those of
> PGP or X509) are not provided globally because (1) we didn't have demand
> make *everything* global (it'd be ugly) and those children typically
> a contextual semantic (they are properties of the same thing).
> Consequently, it wouldn't make sense or mean the same thing, if somehow
> someone uses them piece-meal or in a different context: they should use a
> different namespace. Of course, they could build that on top of our own by
> deriving it from our type.
> [1]
> Global elements and types in XMLDSIG
> <element name="Signature" type="ds:SignatureType"/>
> <element name="SignatureValue" type="ds:SignatureValueType"/>
> <element name="SignedInfo" type="ds:SignedInfoType"/>
> <element name="CanonicalizationMethod"
> type="ds:CanonicalizationMethodType"/>
> <element name="SignatureMethod" type="ds:SignatureMethodType"/>
> <element name="Reference" type="ds:ReferenceType"/>
> <element name="Transforms" type="ds:TransformsType"/>
> <element name="Transform" type="ds:TransformType"/>
> <element name="DigestMethod" type="ds:DigestMethodType"/>
> <element name="DigestValue" type="ds:DigestValueType"/>
> <element name="KeyInfo" type="ds:KeyInfoType"/>
> <element name="KeyName" type="string"/>
> <element name="MgmtData" type="string"/>
> <element name="KeyValue" type="ds:KeyValueType"/>
> <element name="RetrievalMethod" type="ds:RetrievalMethodType"/>
> <element name="X509Data" type="ds:X509DataType"/>
> <element name="PGPData" type="ds:PGPDataType"/>
> <element name="SPKIData" type="ds:SPKIDataType"/>
> <element name="Object" type="ds:ObjectType"/>
> <element name="Manifest" type="ds:ManifestType"/>
> <element name="SignatureProperties" type="ds:SignaturePropertiesType"/>
> <element name="SignatureProperty" type="ds:SignaturePropertyType"/>
> <element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
> <element name="RSAKeyValue" type="ds:RSAKeyValueType"/>

Received on Friday, 21 September 2001 18:36:20 UTC
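
Added example (not part of the original thread and not W3C code): a short Python check of which ds: references in a consuming schema resolve, contrasting a locally declared X509IssuerSerial with the global declaration proposed in the thread. Both schema fragments and the urn:example:crypto namespace are constructed for illustration, and the "ds" prefix is assumed to be bound to the XML Signature namespace.

```python
import xml.etree.ElementTree as ET

XS = "http://www.w3.org/2001/XMLSchema"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed fragment: X509Data is global, X509IssuerSerial is only local.
DSIG_XSD = f"""<schema xmlns="{XS}" xmlns:ds="{DS}" targetNamespace="{DS}">
  <element name="X509Data" type="ds:X509DataType"/>
  <complexType name="X509DataType">
    <sequence maxOccurs="unbounded">
      <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
      <element name="X509SKI" type="base64Binary"/>
    </sequence>
  </complexType>
  <complexType name="X509IssuerSerialType">
    <sequence>
      <element name="X509IssuerName" type="string"/>
      <element name="X509SerialNumber" type="integer"/>
    </sequence>
  </complexType>
</schema>"""

# Same fragment with the global declaration proposed in the thread added.
PROPOSED_XSD = DSIG_XSD.replace(
    '<element name="X509Data"',
    '<element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>\n'
    '  <element name="X509Data"', 1)

# Constructed consumer schema (hypothetical namespace) reusing ds: items.
CONSUMER_XSD = f"""<schema xmlns="{XS}" xmlns:ds="{DS}"
    targetNamespace="urn:example:crypto">
  <element name="Envelope"><complexType><sequence>
    <element ref="ds:X509Data"/>
    <element ref="ds:X509IssuerSerial"/>
    <element name="Issuer" type="ds:X509IssuerSerialType"/>
  </sequence></complexType></element>
</schema>"""

def global_names(xsd, kind):
    """Names of top-level (global) declarations of the given kind."""
    return {c.get("name") for c in ET.fromstring(xsd).findall(f"{{{XS}}}{kind}")}

def check_consumer(provider_xsd, consumer_xsd, prefix="ds"):
    """Map each prefix-qualified ref=/type= in the consumer to True if it
    names a global element/complexType of the provider schema."""
    tables = {"ref": global_names(provider_xsd, "element"),
              "type": global_names(provider_xsd, "complexType")}
    report = {}
    for el in ET.fromstring(consumer_xsd).iter(f"{{{XS}}}element"):
        for attr, table in tables.items():
            value = el.get(attr, "")
            if value.startswith(prefix + ":"):
                report[f"{attr}={value}"] = value.split(":", 1)[1] in table
    return report
```
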