[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss] Is a single <Schema> element adequate?
Hi Trevor - > I think the possible solutions are: > 1) go back to using <DTD> > 2) add multiple <Schema> > 3) not support server resolving <ds:Reference>s > > I'd vote for 3. Given the above options, I'd support 2. The update would be minimal, involving a multiplicity change, the only downside being somewhat bloated payloads. Passing Schema in band may well be a corner case (e.g. a verification service may be preloaded with schema's for document instances it intends verifying, therefore alleviating the need for this) , but when required, it should allow for completeness. Regards, Tommy On 5/10/05, Trevor Perrin <trevp@trevp.net> wrote: > Tommy Lindberg wrote: > > I whipped up, and attach, an example in an attempt to further > > illustrate my point with the <Schema> element. > > > > I can't see how a single <Schema> element could provide the server > > with information about both ID attributes; I can see how to do it > > with more than one . > > Agreed. > > > > On 5/6/05, Edward Shallow <ed.shallow@rogers.com> wrote: > > > >>Agree with Trevor, > >> > >>In the following snip either the client (inline) or the server (after > >>receive) could add the 3 DTD lines below. > >> > >>This may again create angst for some implementations. Furthermore the 1st > >>declaration line would not be allowed in XMLData as is. No amount of > >>namespace provisioning will allow support for declaration and PI lines. > >> > >>Ed > >> > >><?xml version="1.0" encoding="UTF-8"?> > >><!DOCTYPE Document [ > >><!ATTLIST Object Id ID #IMPLIED> > >>]> > >><Document> > >> <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> > > Before we had <Schema>, we had a <DTD> element that was base64 encoded. > The DTD wasn't sent as part of the Input Document. > > I think the possible solutions are: > 1) go back to using <DTD> > 2) add multiple <Schema> > 3) not support server resolving <ds:Reference>s > > I'd vote for 3. > > Trevor > > > >> > >>. > >>. > >>. > >> > >>-----Original Message----- > >>From: Trevor Perrin [mailto:trevp@trevp.net] > >>Sent: May 6, 2005 1:57 AM > >>To: Tommy Lindberg > >>Cc: dss@lists.oasis-open.org > >>Subject: Re: [dss] Is a single <Schema> element adequate? > >> > >>Tommy Lindberg wrote: > >> > >>>Hi Trevor - > >>> > >>>I had accepted bloated payloads as a result of transfering schemas > >>>inline :) I even wrote the code to do it, but based on what you are > >>>saying it looks like I may have misunderstood the intended usage of > >>>the <Schema> element. > >>> > >>> > >>> > >>>>I think it's possible to chop down such a schema into a single one > >>>>that contains everything needed? > >>> > >>> > >>>I have never had to that. You wouldn't have an example handy? > >> > >>No - and I may be wrong. It might not be possible to define things in > >>different namespaces with a single schema. > >> > >>Earlier, we used DTDs for this, which may be more flexible. See > >>http://www.aleksey.com/xmlsec/faq.html, section 3.2, for an example. > >> > >>The server only needs to identify ID attributes in the situation where a > >><ds:Reference> uses a null URI and an XPointer expression, and the client > >>doesn't pass the server the exact Input Documents that match the > >><ds:Reference>s (so the server has to resolve the <ds:Reference>s by > >>itself). > >> > >>We could decide not to support that case, and require the client to always > >>send Input Documents that match all the <ds:Reference>s. That may be more > >>work for the client, and may result in larger protocol messages. > >> > >>Trevor > >> > >> > >>>Regards, > >>>Tommy > >>> > >>> > >>>On 5/5/05, Trevor Perrin <trevp@trevp.net> wrote: > >>> > >>> > >>>>Tommy Lindberg wrote: > >>>> > >>>> > >>>>>The <Schema> element in DocumentBaseType and SignatureObject allows > >>>>>for the optional transfer of a single XML Schema. This seems > >>>>>inadequate > >>>> > >>>>>for some use cases such as verifying a signed XML instance that > >>>>>pertains to a schema that in turn imports additional schemas. > >>>> > >>>>Hi Tommy, > >>>> > >>>>note that the schema is only needed in certain usage scenarios. In > >>>>these scenarios, the schema identifies ID attributes so as to help the > >>>>server resolve <ds:Reference>s. The schema doesn't have to be the > >>>>full schema for the document. So even if the full schema imports > >>>>other schemas, I think it's possible to chop down such a schema into a > >>>>single one that contains everything needed? > >>>> > >>>>Trevor > >>>> > >>>>ps: When the <Schema> element is described in the core spec, it refers > >>>>to "section 4.3, step 2". Those references should be changed to > >>>>"section 4.3, step 1". > >>>> > >>> > >>> > >>--------------------------------------------------------------------- > >>To unsubscribe from this mail list, you must leave the OASIS TC that > >>generates this mail. You may a link to this group and all your TCs in OASIS > >>at: > >>https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php > >> > >> > >>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]