- From: Joseph Reagle <reagle@w3.org>
- Date: Wed, 27 Mar 2002 18:11:05 -0500
- To: "Takeshi Imamura" <IMAMU@jp.ibm.com>
- Cc: xml-encryption@w3.org
On Friday 22 March 2002 13:06, Takeshi Imamura wrote:
> >> 1. With the following, the OAEPParams element cannot be a child of the
> >> EncryptionMethod element because of namespace="##other" of <any>.
> >>
> >> <complexType name='EncryptionMethodType' mixed='true'>
> >>   <sequence>
> >>     <element name='KeySize' minOccurs='0' type='xenc:KeySizeType'/>
> >>     <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
> >>   </sequence>
> >>   <attribute name='Algorithm' type='anyURI' use='required'/>
> >> </complexType>
> >
> >Ok, changed to ##any.
>
> If "##other" is changed to "##any", the schema becomes ambiguous because
> the KeySize element matches both <element> and <any>. It should be
> changed in another way.

Ah, drats, you are of course correct. (I find the deterministic content model of XML Schema to be more of a hindrance than a feature; that's one of the nice things about RelaxNG [1].)

[1] http://lists.oasis-open.org/archives/relax-ng/200106/msg00220.html

We have a couple of options:

1. (Make content ##any and rely upon comments or the text in the spec to state that KeySize is always permitted.)

2. Better specify this element... is this what you want in principle?

   xenc:KeySize? ( (ds:DigestMethod xenc:OAEPparams) | ##other))

I haven't tested this or included it in the spec yet.

<complexType name='EncryptionMethodType' mixed='true'>
  <sequence>
    <element name='KeySize' minOccurs='0' type='xenc:KeySizeType'/>
    <choice>
      <sequence>
        <element ref='ds:DigestMethod' minOccurs='0'/>
        <element name='OAEPparams' minOccurs='0' type='base64Binary'/>
      </sequence>
      <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
    </choice>
  </sequence>
  <attribute name='Algorithm' type='anyURI' use='required'/>
</complexType>

> >> 2. With the following, either the DataReference or KeyReference
> >> element can be a child of the ReferenceList element. minOccurs="0"
> >> and maxOccurs="unbounded" would be attributes of <choice>.
> >>
> >> <element name='ReferenceList'>
> >>   <complexType>
> >>     <choice>
> >>       <element name='DataReference' type='xenc:ReferenceType'
> >>                minOccurs='0' maxOccurs='unbounded'/>
> >>       <element name='KeyReference' type='xenc:ReferenceType'
> >>                minOccurs='0' maxOccurs='unbounded'/>
> >>     </choice>
> >>   </complexType>
> >> </element>
> >
> >So you wish to preclude a key found in an EncryptedKey from being used
> > to encrypt data *and* other keys? I presume so, and I've adopted your
> > structure below [1], but I guess we should make the minOccurs='1'? (No
> > sense having an empty ReferenceList?)
>
> Sorry for confusing you. I don't wish to preclude such a key use and
> don't see any problem if a key is used to encrypt both data and other
> keys.

I'm not sure if I'm still confused. I've just changed the spec to the following: let me know the specific change you'd like to see if it is not appropriate:

<element name='ReferenceList'>
  <complexType>
    <choice minOccurs='1' maxOccurs='unbounded'>
      <element name='DataReference' type='xenc:ReferenceType'/>
      <element name='KeyReference' type='xenc:ReferenceType'/>
    </choice>
  </complexType>
</element>

-- 
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
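As an added illustration (not code from the thread or from the XML Encryption spec) of why ##any makes the EncryptionMethodType model ambiguous while ##other does not: a small Python check of the namespace half of XML Schema's Unique Particle Attribution rule, run over the particles that compete with the wildcard in the models quoted above. It assumes the usual namespace URIs for the xenc and ds prefixes and that each named particle and the wildcard can be offered the same instance element (true in both models); run over option 2 it also flags ds:DigestMethod, because the ds namespace counts as ##other relative to the xenc target namespace.

```python
# Added example, not from the thread: namespace-overlap part of XML Schema's
# Unique Particle Attribution (UPA) rule. An instance element that matches a
# named <element> particle and an <any> wildcard at the same position makes
# the content model ambiguous. Namespace URIs for xenc/ds are assumed.
XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"


def wildcard_allows(ns_constraint, target_ns, elem_ns):
    """Would <any namespace=ns_constraint>, declared in a schema whose
    targetNamespace is target_ns, accept an element in namespace elem_ns
    (None = unqualified)? Handles ##any, ##other, and a space-separated
    list of URIs / ##targetNamespace / ##local, as in XML Schema 1.0."""
    if ns_constraint == "##any":
        return True
    if ns_constraint == "##other":
        # ##other excludes the target namespace and unqualified elements
        return elem_ns is not None and elem_ns != target_ns
    allowed = set()
    for token in ns_constraint.split():
        if token == "##targetNamespace":
            allowed.add(target_ns)
        elif token == "##local":
            allowed.add(None)
        else:
            allowed.add(token)
    return elem_ns in allowed


def overlapping_particles(target_ns, named_particles, ns_constraint):
    """Return the (namespace, localname) particles the wildcard could also
    match; each hit is a UPA violation when that particle and the wildcard
    compete for the same element in an instance document."""
    return [(ns, name) for ns, name in named_particles
            if wildcard_allows(ns_constraint, target_ns, ns)]


# Particles competing with the wildcard in the models quoted above
ENCRYPTION_METHOD = [(XENC, "KeySize")]                # KeySize? then <any>
OPTION2_CHOICE = [(DS, "DigestMethod"), (XENC, "OAEPparams")]  # choice branch

if __name__ == "__main__":
    for label, particles, constraint in [
        ("EncryptionMethodType with ##other", ENCRYPTION_METHOD, "##other"),
        ("EncryptionMethodType with ##any", ENCRYPTION_METHOD, "##any"),
        ("option 2 choice with ##other", OPTION2_CHOICE, "##other"),
    ]:
        hits = overlapping_particles(XENC, particles, constraint)
        print(f"{label}: {'ambiguous ' + str(hits) if hits else 'unambiguous'}")
```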
Received on Wednesday, 27 March 2002 18:11:08 UTC