X509 Schema Tweaks (Was: XML Signature schema implementation)

On Friday 21 September 2001 06:34 pm, Tom Gindin wrote:
>      By the way, all of the elements in this case except for X509SKI are
> plausible candidates for reuse.  X509Certificate, X509CRL, and
> X509SubjectName are all more likely to be reused in another spec than
> X509IssuerSerial.

In that case, I think the tweaked schema would need to look like [1]. This 
wouldn't affect parser or schema validation performance I don't think. It 
does permit  people to borrow our natural language specification of how 
these things are encoded and such. However, it is rather ugly, if someone 
wants to re-use it, they could redefine/import them in a new namespace, and 
it divorces these element types from their context/meaning as properties of 
a single X509Data structure. 

These are all minor points, but given our late stage in the game, I'd like 
to hear more voices in support of this change...

[1]  Tweaked X509DataType
<complexType name="X509DataType">
   <sequence maxOccurs="unbounded">
         <element ref="ds:X509IssuerSerial"/>
         <element ref="ds:X509SKI"/>
         <element ref="ds:X509SubjectName"/>
         <element ref="ds:X509Certificate"/>
         <element ref="ds:X509CRL"/>
         <any namespace="##other" processContents="lax"/>

<element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
<element name="X509SKI" type="base64Binary"/>
<element name="X509SubjectName" type="string"/>
<element name="X509Certificate" type="base64Binary"/>
<element name="X509CRL" type="base64Binary"/>

<complexType name="X509IssuerSerialType">
      <element name="X509IssuerName" type="string"/>
      <element name="X509SerialNumber" type="integer"/>

Received on Thursday, 27 September 2001 17:18:20 UTC