[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Is a single <Schema> element adequate?
Agree with Trevor, In the following snip either the client (inline) or the server (after receive) could add the 3 DTD lines below. This may again create angst for some implementations. Furthermore the 1st declaration line would not be allowed in XMLData as is. No amount of namespace provisioning will allow support for declaration and PI lines. Ed <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE Document [ <!ATTLIST Object Id ID #IMPLIED> ]> <Document> <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#";> . . . -----Original Message----- From: Trevor Perrin [mailto:trevp@trevp.net] Sent: May 6, 2005 1:57 AM To: Tommy Lindberg Cc: dss@lists.oasis-open.org Subject: Re: [dss] Is a single <Schema> element adequate? Tommy Lindberg wrote: > Hi Trevor - > > I had accepted bloated payloads as a result of transfering schemas > inline :) I even wrote the code to do it, but based on what you are > saying it looks like I may have misunderstood the intended usage of > the <Schema> element. > > >>I think it's possible to chop down such a schema into a single one >>that contains everything needed? > > > I have never had to that. You wouldn't have an example handy? No - and I may be wrong. It might not be possible to define things in different namespaces with a single schema. Earlier, we used DTDs for this, which may be more flexible. See http://www.aleksey.com/xmlsec/faq.html, section 3.2, for an example. The server only needs to identify ID attributes in the situation where a <ds:Reference> uses a null URI and an XPointer expression, and the client doesn't pass the server the exact Input Documents that match the <ds:Reference>s (so the server has to resolve the <ds:Reference>s by itself). We could decide not to support that case, and require the client to always send Input Documents that match all the <ds:Reference>s. That may be more work for the client, and may result in larger protocol messages. Trevor > > Regards, > Tommy > > > On 5/5/05, Trevor Perrin <trevp@trevp.net> wrote: > >>Tommy Lindberg wrote: >> >>>The <Schema> element in DocumentBaseType and SignatureObject allows >>>for the optional transfer of a single XML Schema. This seems >>>inadequate >> >> > for some use cases such as verifying a signed XML instance that >> > pertains to a schema that in turn imports additional schemas. >> >>Hi Tommy, >> >>note that the schema is only needed in certain usage scenarios. In >>these scenarios, the schema identifies ID attributes so as to help the >>server resolve <ds:Reference>s. The schema doesn't have to be the >>full schema for the document. So even if the full schema imports >>other schemas, I think it's possible to chop down such a schema into a >>single one that contains everything needed? >> >>Trevor >> >>ps: When the <Schema> element is described in the core spec, it refers >>to "section 4.3, step 2". Those references should be changed to >>"section 4.3, step 1". >> > > --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. You may a link to this group and all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]