
office-comment message



Subject: Re: [office-comment] Signature validity / schema avoidance (ODF 1.2 Part 3 Draft 12)


Hi Alex

I understand the problem but it is not easily resolvable.  I think the point is that an ODF document is not required to have a digital signature.  But if it does then it must use the <xmldsig:Signature> element as defined by the [xmldsig-core] specification.

Now one could argue, as you do, that the proper thing to do would be to include the xmldsig relaxng schema as part of the odf schema accompanying the standard.  I can see the logic in that though it does seem to be a cumbersome addition to the normative text and unfortunately it wouldn't even entirely solve the problem.

XML DSIG itself has an optional Object element which is designed as an extension point for the basic DSIG, as used by XAdES for example.  So if we were to include the XML DSIG relaxng schema [http://www.w3.org/2007/xmlsec/Drafts/xmldsig-rngschema/] we would still have included from that:

--- snip ---
Object = element ds:Object {
  attribute Id { xsd:ID }?,
  attribute MimeType { xsd:string }?,
  attribute Encoding { xsd:anyURI }?,
  (anyElement|text)*
}
.....
# Definitions for the *any* wild card and the *any other* wildcard

anyAttribute = attribute * { text }

anyElement = element * { (anyAttribute | text | anyElement)* }

anyOtherElement = element * - ds:* { (anyAttribute | text | anyOtherElement)* }
--- end snip ---
 
So any application which makes use of xmldsig inherits this open-endedness.  Now granted the motivation is different.  For ODF the motivation in your words is "laziness".  For Object they really do intend not to place restrictions on its possible content.  But I am sure this too has implications for the validation of uniqueness of xml:id's for example.

Having said that, the obvious thing for any application which is implementing digital signatures within ODF to do would be to include the xmldsig schema.  But I'm not convinced that it is necessary to include it in the annexe which is used to describe ODF.  I suppose it really does come down to the purpose of a schema accompanying a standard and, given the other discussion around copyright for schema documents, it sometimes seems far from obvious.

Regards
Bob


2009/10/17 Alex Brown <alexb@griffinbrown.co.uk>

Bob hi

 

But the schema contradicts that statement. How do you get an ID-typed attribute onto that element with the current schema? Validation is necessary to perform the typing operation.

 

Also, an element may be valid independent of whether its descendant elements are valid – so I don’t agree this is “explicit” – quite the opposite!

 

- Alex.

 

From: Bob Jolliffe [mailto:bobjolliffe@gmail.com]
Sent: 17 October 2009 22:06
To: Alex Brown
Cc: office-comment@lists.oasis-open.org
Subject: Re: [office-comment] Signature validity / schema avoidance (ODF 1.2 Part 3 Draft 12)

 

Hi Alex

I think section 5.3 is quite explicit:

"The <xmldsig:Signature> element is defined by the [xmldsig-core] specification."

Agreed that saying in the schema "anything is allowed within a xmldsig:Signature element" could be misconstrued.  Obviously what is meant is that this schema will not attempt to validate it.  But I think Part 3 is pretty clear on what is expected.

Regards, Bob

 

 

2009/10/17 Alex Brown <alexb@griffinbrown.co.uk>

Dear all,

The dsig schema contains the following comment

<!-- To avoid inclusion of the complete XMLDSIG schema, anything -->
<!-- is allowed within a xmldsig:Signature element               -->

Why is "avoiding inclusion" a goal?

Nowhere is it stated that the content of these subtrees must be valid to
the W3C schema.

- Alex.

--
This publicly archived list offers a means to provide input to the
OASIS Open Document Format for Office Applications (OpenDocument) TC.

In order to verify user consent to the Feedback License terms and
to minimize spam in the list archive, subscription is required
before posting.

Subscribe: office-comment-subscribe@lists.oasis-open.org
Unsubscribe: office-comment-unsubscribe@lists.oasis-open.org
List help: office-comment-help@lists.oasis-open.org
List archive: http://lists.oasis-open.org/archives/office-comment/
Feedback License: http://www.oasis-open.org/who/ipr/feedback_license.pdf
List Guidelines: http://www.oasis-open.org/maillists/guidelines.php
Committee: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=office
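
The ID-typing concern raised in this thread, as an added example that is not part of the original messages or of the ODF schema: when the content model of a signature is a wildcard, no validator types Id attributes or checks their uniqueness, so a consumer has to do that check itself before resolving same-document references. The sample signature, the `urn:example:constructed` namespace and the function name `check_ids` are constructed for illustration, and treating every unqualified Id attribute as an ID is a conservative assumption.

```python
import xml.etree.ElementTree as ET
from collections import Counter

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
XML_ID = "{http://www.w3.org/XML/1998/namespace}id"

# Constructed sample (trimmed skeleton, not a verifiable signature): foreign
# content inside ds:Object reuses the Id value of the ds:Object itself.
SAMPLE = """\
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="sig1">
  <ds:SignedInfo>
    <ds:Reference URI="#obj1"/>
    <ds:Reference URI="#missing"/>
    <ds:Reference URI="content.xml"/>
  </ds:SignedInfo>
  <ds:Object Id="obj1">
    <ext:Note xmlns:ext="urn:example:constructed" Id="obj1">text</ext:Note>
  </ds:Object>
</ds:Signature>"""


def check_ids(xml_text):
    """Report Id problems that a wildcard content model cannot detect."""
    root = ET.fromstring(xml_text)
    seen = Counter()
    for el in root.iter():
        # Assumption: be conservative and treat every unqualified Id attribute
        # and every xml:id as an ID, whatever namespace the element is in.
        for name in ("Id", XML_ID):
            if name in el.attrib:
                seen[el.attrib[name]] += 1
    duplicates = sorted(v for v, n in seen.items() if n > 1)

    dangling, ambiguous = [], []
    for ref in root.iter("{%s}Reference" % DS_NS):
        uri = ref.get("URI", "")
        if not uri.startswith("#") or uri.startswith("#xpointer("):
            continue  # external or XPointer reference: out of scope here
        target = uri[1:]
        if seen[target] == 0:
            dangling.append(target)      # reference points at no element
        elif seen[target] > 1:
            ambiguous.append(target)     # more than one element could match
    return {"duplicates": duplicates, "dangling": dangling, "ambiguous": ambiguous}


if __name__ == "__main__":
    print(check_ids(SAMPLE))
```
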
