OASIS Mailing List Archives: dss message
Subject: [dss] Public comment: OASIS-DSS Exclusive Canonicalization and Validation Errors (Unique Particle Attribution)


Dear all,

I'd like to mention two points, the first one concerning namespaces and the second one concerning schema validation.

First, from my point of view there exist ambiguities concerning namespaces and the signing of <dss:XMLData> if Canonical XML, and not Exclusive Canonical XML, is used in point 3.3 1a (Basic Processing for XML Signatures). The same is probably true for 3.4 1a, if a DOM-based parser is used to extract the info from inside <dss:XMLData>.

My questions are:
* Is it desirable that the following namespace declaration is signed together with the XML data inside <dss:XMLData>, as it is in scope of the dss:XMLData element?
xmlns:dss="http://www.docs.oasis-open.org/dss/2004/06/oasis-dss-1.0-core-schema-wd-30.xsd"

Hence other namespace declarations that might be used inside the OASIS-DSS-CORE protocol will sneak into the signature as well, and the signature would no longer verify as soon as the namespace declaration changed, for example, to
xmlns:dss="http://www.docs.oasis-open.org/dss/2004/06/oasis-dss-1.0-core-schema-wd-31.xsd"
and the original document did not redeclare the namespace to the namespace it was signed under.

* Wouldn't the use of Exclusive Canonical XML instead of plain Canonical XML solve this problem?


Second, when I try to validate the OASIS-DSS-Core schema, I get the following errors, caused by

<dss:Document> and <xs:any> inside the choice of <dss:InputDocuments>,
<ds:Signature> and <xs:any> inside the choice of <dss:SignatureObject>,
<ds:KeyInfo> and <xs:any> inside the choice of <dss:KeySelector>,
<ds:Signature> and <xs:any> inside the choice of <dss:TimeStamp>.

These (or elements from their substitution groups) violate the "Unique Particle Attribution" constraint of the XML Schema specification during validation, and ambiguity would be created for those particles.

The schema to be verified is oasis-dss-1.0-core-schema-cd-02.xsd, and it was verified against xmlschema.
An explanation for the error can be found at http://www.w3.org/TR/xmlschema-1/#cos-nonambig.

Best regards
Konrad Lanz

---------------
P.S.: Furthermore, I found the following minor errors in the document oasis-dss-1.0-core-spec-cd-02.pdf:

Section 4.3 Point 3. line 980
  typo "have have"

Section 9.1 References Normative, line 1600

  [XMLSig]     D. Eastlake et al. XML-Signature Syntax and Processing. W3C
  Recommendation, February 2002.
  http://www.w3.org/TR/1999/REC-xml-names-19990114

  Here the URL might be wrong:
   The correct one might be http://www.w3.org/TR/xmldsig-core/


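The namespace leak raised in the first point of the message above, as an added illustration that is not part of the original message or of the DSS specification. The <dss:SignRequest> document, the <doc> payload and the SHA-256 digest are constructed for the example; the serializer is a deliberately simplified stand-in for a real canonicalizer (it only implements the namespace-declaration rules of Canonical XML and Exclusive Canonical XML, with no comments, PIs, character escaping or attribute-value normalization) and uses nothing beyond the Python standard library.

```python
"""Added example: why an enclosing xmlns declaration ends up inside an inclusive-C14N
signature over <dss:XMLData> content, and why Exclusive C14N avoids it.  Simplified
serializer, not a conforming canonicalizer (see lead-in)."""
import hashlib
import xml.dom.minidom as minidom

# Constructed sample request.  The signed payload (<doc>) declares no namespaces
# itself, but xmlns:dss is in scope from the <dss:SignRequest> root element.
REQUEST_TEMPLATE = (
    '<dss:SignRequest xmlns:dss="{dss_ns}">'
    '<dss:InputDocuments><dss:Document><dss:XMLData>'
    '<doc id="1"><para>hello</para></doc>'
    '</dss:XMLData></dss:Document></dss:InputDocuments>'
    '</dss:SignRequest>'
)
# The two namespace URIs quoted in the message above.
WD30 = "http://www.docs.oasis-open.org/dss/2004/06/oasis-dss-1.0-core-schema-wd-30.xsd"
WD31 = "http://www.docs.oasis-open.org/dss/2004/06/oasis-dss-1.0-core-schema-wd-31.xsd"


def _attrs(elem):
    """Attr nodes of a minidom element (NamedNodeMap is not directly iterable)."""
    return [elem.attributes.item(i) for i in range(elem.attributes.length)]


def ns_declarations(elem):
    """xmlns declarations made directly on elem: {prefix: uri}, '' = default namespace."""
    decls = {}
    for a in _attrs(elem):
        if a.name == "xmlns":
            decls[""] = a.value
        elif a.name.startswith("xmlns:"):
            decls[a.name[len("xmlns:"):]] = a.value
    return decls


def in_scope_namespaces(elem):
    """Namespace axis used by inclusive C14N: every declaration in scope, nearest wins."""
    chain, node = [], elem
    while node is not None and node.nodeType == node.ELEMENT_NODE:
        chain.append(node)
        node = node.parentNode
    scope = {}
    for node in reversed(chain):            # root first, so descendants override
        scope.update(ns_declarations(node))
    return scope


def visibly_utilized(elem):
    """Prefixes Exclusive C14N keeps: those used by the element itself or its attributes."""
    used = {elem.prefix or ""}              # unprefixed element -> default namespace
    for a in _attrs(elem):
        if a.prefix and a.prefix != "xmlns":
            used.add(a.prefix)
    return used


def serialize(elem, exclusive, rendered=None):
    """Serialize elem's subtree, emitting xmlns declarations as C14N (exclusive=False)
    or Exclusive C14N (exclusive=True) would.  `rendered` holds declarations already
    output by an ancestor in this serialization so they are not repeated."""
    rendered = dict(rendered or {})
    scope = in_scope_namespaces(elem)
    if exclusive:
        scope = {p: u for p, u in scope.items() if p in visibly_utilized(elem)}
    decls = {p: u for p, u in scope.items() if rendered.get(p) != u}
    rendered.update(decls)
    out = ["<" + elem.tagName]
    for p in sorted(decls):                 # namespace nodes first, sorted by prefix
        out.append(' xmlns%s="%s"' % (":" + p if p else "", decls[p]))
    for a in sorted(_attrs(elem), key=lambda a: a.name):   # then ordinary attributes
        if a.name != "xmlns" and not a.name.startswith("xmlns:"):
            out.append(' %s="%s"' % (a.name, a.value))
    out.append(">")
    for child in elem.childNodes:
        if child.nodeType == child.ELEMENT_NODE:
            out.append(serialize(child, exclusive, rendered))
        elif child.nodeType == child.TEXT_NODE:
            out.append(child.data)
    out.append("</%s>" % elem.tagName)
    return "".join(out)


def canonical_xmldata(request_xml, exclusive):
    """Canonical form of the element carried inside <dss:XMLData> (the bytes signed in 3.3 1a)."""
    doc = minidom.parseString(request_xml)
    xmldata = doc.getElementsByTagName("dss:XMLData")[0]
    payload = [c for c in xmldata.childNodes if c.nodeType == c.ELEMENT_NODE][0]
    return serialize(payload, exclusive)


def digest(request_xml, exclusive):
    """What a signature over the canonical bytes actually commits to."""
    return hashlib.sha256(canonical_xmldata(request_xml, exclusive).encode("utf-8")).hexdigest()


def digest_survives_namespace_change(exclusive):
    """True if redeclaring xmlns:dss on the request (wd-30 -> wd-31) leaves the signed bytes intact."""
    before = digest(REQUEST_TEMPLATE.format(dss_ns=WD30), exclusive)
    after = digest(REQUEST_TEMPLATE.format(dss_ns=WD31), exclusive)
    return before == after


if __name__ == "__main__":
    for label, excl in (("inclusive C14N", False), ("exclusive C14N", True)):
        print(label + ":", canonical_xmldata(REQUEST_TEMPLATE.format(dss_ns=WD30), excl))
        print("  signature survives wd-30 -> wd-31:", digest_survives_namespace_change(excl))
```

With inclusive canonicalization the serialized payload starts with `<doc xmlns:dss="...wd-30.xsd" id="1">`, so bumping the protocol namespace on the request changes the signed bytes and the signature fails; with the exclusive rules the declaration is dropped because the payload never uses the dss prefix, and the digest is identical for both requests. A prefix the payload does use (say a `<dss:...>` element inside <dss:XMLData>) is "visibly utilized" and is still emitted by the exclusive rules, which is exactly the behaviour wanted: declarations the content depends on are signed, declarations inherited from the envelope are not.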
