Re: [dss] Is a single <Schema> element adequate?

[Tommy Lindberg <tommy.lindberg@gmail.com>]

Hi Trevor - 

> I think the possible solutions are:
> 1) go back to using <DTD>
> 2) add multiple <Schema>
> 3) not support server resolving <ds:Reference>s
>
> I'd vote for 3.

Given the above options, I'd support 2.  The update would be minimal,
involving a multiplicity
change, the only downside being somewhat bloated payloads.  Passing
Schema in band may well be a corner case (e.g. a verification service
may be preloaded with schema's for document instances it intends
verifying, therefore alleviating the need for this) , but when
required, it should allow for completeness.

Regards,
Tommy

On 5/10/05, Trevor Perrin <trevp@trevp.net> wrote:
> Tommy Lindberg wrote:
> > I whipped up, and attach, an example in an attempt to further
> > illustrate my point with the <Schema> element.
> >
> > I can't see how a single <Schema> element could provide the server
> > with information about both ID attributes;  I can see how to do it
> > with more than one .
> 
> Agreed.
> 
> 
> > On 5/6/05, Edward Shallow <ed.shallow@rogers.com> wrote:
> >
> >>Agree with Trevor,
> >>
> >>In the following snip either the client (inline) or the server (after
> >>receive) could add the 3 DTD lines below.
> >>
> >>This may again create angst for some implementations. Furthermore the 1st
> >>declaration line would not be allowed in XMLData as is. No amount of
> >>namespace provisioning will allow support for declaration and PI lines.
> >>
> >>Ed
> >>
> >><?xml version="1.0" encoding="UTF-8"?>
> >><!DOCTYPE Document [
> >><!ATTLIST Object Id ID #IMPLIED>
> >>]>
> >><Document>
> >>        <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#";>
> 
> Before we had <Schema>, we had a <DTD> element that was base64 encoded.
>      The DTD wasn't sent as part of the Input Document.
> 
> I think the possible solutions are:
> 1) go back to using <DTD>
> 2) add multiple <Schema>
> 3) not support server resolving <ds:Reference>s
> 
> I'd vote for 3.
> 
> Trevor
> 
> 
> >>
> >>.
> >>.
> >>.
> >>
> >>-----Original Message-----
> >>From: Trevor Perrin [mailto:trevp@trevp.net]
> >>Sent: May 6, 2005 1:57 AM
> >>To: Tommy Lindberg
> >>Cc: dss@lists.oasis-open.org
> >>Subject: Re: [dss] Is a single <Schema> element adequate?
> >>
> >>Tommy Lindberg wrote:
> >>
> >>>Hi Trevor -
> >>>
> >>>I had accepted bloated payloads as a result of transfering schemas
> >>>inline :) I even wrote the code to do it, but based on what you are
> >>>saying it looks like I may have misunderstood the intended usage of
> >>>the <Schema> element.
> >>>
> >>>
> >>>
> >>>>I think it's possible to chop down such a schema into a single one
> >>>>that contains everything needed?
> >>>
> >>>
> >>>I have never had to that. You wouldn't have an example handy?
> >>
> >>No - and I may be wrong.  It might not be possible to define things in
> >>different namespaces with a single schema.
> >>
> >>Earlier, we used DTDs for this, which may be more flexible.  See
> >>http://www.aleksey.com/xmlsec/faq.html, section 3.2, for an example.
> >>
> >>The server only needs to identify ID attributes in the situation where a
> >><ds:Reference> uses a null URI and an XPointer expression, and the client
> >>doesn't pass the server the exact Input Documents that match the
> >><ds:Reference>s (so the server has to resolve the <ds:Reference>s by
> >>itself).
> >>
> >>We could decide not to support that case, and require the client to always
> >>send Input Documents that match all the <ds:Reference>s.  That may be more
> >>work for the client, and may result in larger protocol messages.
> >>
> >>Trevor
> >>
> >>
> >>>Regards,
> >>>Tommy
> >>>
> >>>
> >>>On 5/5/05, Trevor Perrin <trevp@trevp.net> wrote:
> >>>
> >>>
> >>>>Tommy Lindberg wrote:
> >>>>
> >>>>
> >>>>>The <Schema> element in DocumentBaseType and SignatureObject allows
> >>>>>for the optional transfer of a single XML Schema. This seems
> >>>>>inadequate
> >>>>
> >>>>>for some use cases such as verifying a signed XML instance that
> >>>>>pertains to a schema that in turn imports additional schemas.
> >>>>
> >>>>Hi Tommy,
> >>>>
> >>>>note that the schema is only needed in certain usage scenarios.  In
> >>>>these scenarios, the schema identifies ID attributes so as to help the
> >>>>server resolve <ds:Reference>s.  The schema doesn't have to be the
> >>>>full schema for the document.  So even if the full schema imports
> >>>>other schemas, I think it's possible to chop down such a schema into a
> >>>>single one that contains everything needed?
> >>>>
> >>>>Trevor
> >>>>
> >>>>ps: When the <Schema> element is described in the core spec, it refers
> >>>>to "section 4.3, step 2".  Those references should be changed to
> >>>>"section 4.3, step 1".
> >>>>
> >>>
> >>>
> >>---------------------------------------------------------------------
> >>To unsubscribe from this mail list, you must leave the OASIS TC that
> >>generates this mail.  You may a link to this group and all your TCs in OASIS
> >>at:
> >>https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
> >>
> >>
> >>