dss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [dss] FW: DSS RequestBaseType and VerifyRequest

From: Tommy Lindberg <tommy.lindberg@gmail.com>
To: Nick Pope <pope@secstan.com>
Date: Mon, 30 Jan 2006 13:45:55 +0000

For some reason, <InputDocuments> became a required element in RequestBaseType in wd35a,
at least in the document - I don't have a corresponding schema. Line 684 suggests that an
optional <InputDocuments> was perhaps intended here. Carlos González-Cadenas also indicates
that <InputDocuments> used to be optional in RequestBaseType in wd34.) In any case:

Line numbers and schema fragments pertain to oasis-dss-1.0-core-spec-wd-37.pdf and
dss-v1.0-core-schema-cd-r03.xsd respectively.

The <InputDocuments> element could be pushed back down to <SignRequest> and <VerifyRequest>:

<xs:complexType name="RequestBaseType">
<xs:sequence>
    <xs:element ref="dss:OptionalInputs" minOccurs="0"/>
</xs:sequence>
<xs:attribute name="RequestID" type="xs:string" use="optional"/>
<xs:attribute name="Profile" type="xs:anyURI" use="optional"/>
</xs:complexType>

<xs:element name="SignRequest">
<xs:complexType>
    <xs:complexContent>
      <xs:extension base="dss:RequestBaseType">
    <xs:element ref="dss:InputDocuments"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
</xs:complexType>
</xs:element>

<xs:element name="VerifyRequest">
<xs:complexType>
    <xs:complexContent>
      <xs:extension base="dss:RequestBaseType">
        <xs:sequence>
    <xs:element ref="dss:InputDocuments" minOccurs="0"/>
          <xs:element ref="dss:SignatureObject" minOccurs="0"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
</xs:complexType>
</xs:element>

This seems like overkill, though, and I would personally be happy enough with keeping
<dss:InputDocuments> optional in RequestBaseType and add normative text to section 3.1 to
REQUIRE its presence in the case of a <SignRequest>:

<xs:complexType name="RequestBaseType">
<xs:sequence>
    <xs:element ref="dss:OptionalInputs" minOccurs="0"/>
    <xs:element ref="dss:InputDocuments" minOccurs="0"/>
</xs:sequence>
<xs:attribute name="RequestID" type="xs:string" use="optional"/>
<xs:attribute name="Profile" type="xs:anyURI" use="optional"/>
</xs:complexType>

Line 745 should be changed to say <InputDocuments> [Optional] to indicate that this is an
optional element in the *schema* which is then overridden by normative text on line 746 that might
look something like this:

"The input documents which the signature will be calculated over. This element, while optional in
RequestAbstractType, is REQUIRED for the <SignRequest> element."

I also note that section 3.1 and section 4.1 take different approaches in documenting
RequestBaseType. Either is fine but it should be consistent; personally I prefer to not
re-document attributes and elements if they are already described in a (super) type; unless it
adds clarity.

Regards,
Tommy

On 1/27/06, Tommy Lindberg <tommy.lindberg@gmail.com> wrote:

Minor correction:
> RequestAbstractType
Similar things are called differently in different specs; I meant RequestBaseType of course.

On 1/27/06, Tommy Lindberg < tommy.lindberg@gmail.com> wrote:
In an earlier version of the schema, i.e. pre RequestAbstractType, the cardinality for InputDocuments as it appears in SignRequest and VerifyRequest, differ. One way to handle this is to push InputDocuments back down in the hierarchy, but I'll check if there are any options.

Regards,
Tommy

On 1/27/06, Nick Pope <pope@secstan.com> wrote:

Tommy, Andreas,

Is this something we missed in defining RequestBaseType?

Nick

-----Original Message-----
From: Carlos González-Cadenas [mailto:gonzalezcarlos@netfocus.es]
Sent: 26 January 2006 17:43
To: 'Nick Pope'
Subject: DSS RequestBaseType and VerifyRequest

Nick,

In the RequestBaseType definition from the DSS Core 3, the element InputDocuments is mandatory. As VerifyRequest extends from RequestBaseType, it's mandatory to include at least one input document. This excludes the case of enveloping (an XML Signature with a reference to objects contained in ds:Objects) and attached (i.e. an CMS Signature with encapsulated content) signatures, where just a dss:Signature object would be sufficient.

I see that in former documents (i.e. wd34), RequestBaseType contained

< xs:element name ="RequestBaseType" abstract=" true">

< xs:sequence>

< xs:element ref=" dss:OptionalInputs" minOccurs="0 "/>

< xs:element ref=" dss:InputDocuments" minOccurs="0 "/>

</ xs:sequence>

< xs:attribute name ="RequestID" type=" xs:string"

use ="optional"/>

< xs:attribute name ="Profile" type=" xs:anyURI" use=" optional"/>

</ xs:element>

therefore allowing optionally the inputdocuments.

Is it only an editorial issue or maybe do you plan to handle these cases differently?.

Many thanks in advance,

Carlos

Carlos González-Cadenas
Chief Security Officer

Diagonal 188-198 Planta 2
08018 Barcelona
tel: 902 303 393
fax: 902 303 394
gonzalezcarlos@netfocus.es
www.netfocus.es

References:
- FW: DSS RequestBaseType and VerifyRequest
  - From: "Nick Pope" <pope@secstan.com>
- Re: [dss] FW: DSS RequestBaseType and VerifyRequest
  - From: Tommy Lindberg <tommy.lindberg@gmail.com>
- Re: [dss] FW: DSS RequestBaseType and VerifyRequest
  - From: Tommy Lindberg <tommy.lindberg@gmail.com>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]