From: Carlos Gonzαlez-Cadenas [mailto:gonzalezcarlos@netfocus.es]
Sent: 26 January 2006 17:43
To: 'Nick Pope'
Subject: DSS RequestBaseType and VerifyRequest
Nick,
In the
RequestBaseType definition from the DSS Core 3, the element InputDocuments is
mandatory. As VerifyRequest extends from RequestBaseType, its mandatory to
include at least one input document. This excludes the case of enveloping (an
XML Signature with a reference to objects contained in ds:Objects) and attached (i.e. an CMS Signature with
encapsulated content) signatures, where just a dss:Signature object would be
sufficient.
I see that
in former documents (i.e. wd34), RequestBaseType contained
<xs:element name=RequestBaseType
abstract=true>
<xs:sequence>
<xs:element
ref=dss:OptionalInputs minOccurs=0/>
<xs:element
ref=dss:InputDocuments minOccurs=0/>
</xs:sequence>
<xs:attribute name=RequestID
type=xs:string
use=optional/>
<xs:attribute name=Profile
type=xs:anyURI
use=optional/>
</xs:element>
therefore allowing
optionally the inputdocuments.
Is it only
an editorial issue or maybe do you plan to handle these cases differently?.
Many
thanks in advance,
Carlos
Carlos
Gonzαlez-Cadenas
Chief
Security Officer
Diagonal 188-198 Planta
2
08018 Barcelona
tel: 902 303 393
fax: 902 303
394
gonzalezcarlos@netfocus.es
www.netfocus.es