OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

dss-x message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [dss-x] Which XSD version to use for the "Comprehensive Multi-Signature Verification Reports" profile?

A wonderful european morning to everyone,

my tool of choice (oxygen) has a problem with https located schemas, that is why the oasis admin triggered moved permanently HTTP/301 makes a difference I guess, since if I add the "s" it still (after clearing the validation cache) notes, that "failed to read schema document".

The main problem (I remember now!) is, that our DSS lives long enough to participate in the dependency version nightmare of xml schema import assemblage ;-)

SAML did update to v2.0 long ago and they do not offer v1.1 at the normal access /namespace point below

I think we should not poison our schemas with these dangling intermediaries like http://www.oasis-open.org/committees/download.php/3408/* since persistence in OASIS rules is more meant as a contract to society not to machines, like one experiences in this case.

The main point (unresolved in the past) seems to be, that we do not know nor decided if we could skip the version 1 reference.

I know, that we had problems tracing "moved/changed" names in SAML v1->2 in the past, but this should IMO be accomplished.

The fear, that existing users/"customers" still rely on SAML v1, SHOULD we ignore it, and go forward?

What do you think? We already have the SAML v2 ref in there ...

All the best,
Am 20.09.12 08:10, schrieb Stefan Drees:
Am 19.09.12 20:35, schrieb Cornelis Frank:

mmm... didn't know that there was a cd02. I'm still using cd1 in the

but as cd02 is only adding a few elements, cd1 should be compatible
with cd02 right?

but when you validate the one Ernst Jan named harvested as *cd02.xsd you
receive teh notification, that the SAMLv1 reference is not resolved:

<import namespace="urn:oasis:names:tc:SAML:1.0:assertion"
     schemaLocation="http://www.oasis-open.org/committees/download.php/3408/oasis-sstc-saml-schema-protocol-1.1.xsd"; />

Argh, persistence is not allways machine-readable (since the document
moved and the notice is per html and not of course per "W3C Schema
language" :-)

Upon resolving the URL you receive (vie curl -O, not the browser, which
follows silently ...):
Cite "
<title>301 Moved Permanently</title>
<h1>Moved Permanently</h1>
<p>The document has moved <a

<address>Apache/2.2.9 (Debian) mod_jk/1.2.26 mod_python/3.3.1
Python/2.5.2 mod_ssl/2.2.9 OpenSSL/0.9.8g Server at www.oasis-open.org
Port 80</address>

Ok, whatever, I think we should update the URL inside the schema CD03 at
least as a CD03 or so to

I think SAML committee update version 1.0 to version 1.1 and effectively
dumped the 1.0 by a redirect. I wonder, if we are the first to notice,
but I guess not.

All the bets,

Van: dss-x@lists.oasis-open.org [dss-x@lists.oasis-open.org] namens
Ernst Jan van Nigtevecht [EJvN@Sonnenglanz.net]
Verzonden: woensdag 19 september 2012 15:19
Aan: dss-x@lists.oasis-open.org
Onderwerp: [dss-x] Which XSD version to use for the "Comprehensive
Multi-Signature Verification Reports" profile?

The document of the "Comprehensive Multi-Signature Verification
Reports" profile refers to an XSD, as follows:
[DSSVR-XSD]        D. Hühnlein, I. Henkel, J. C. Cruellas, S. Drees,
A. Kuehne, et. al.: “DSS Verification Report Schema”, July 2009

The comment within that XSD states:
Version corresponding to CD1, 2009-06-24

But there is a newer version available if we look into:
31-Jul-2009 09:02       27k

04-Nov-2010 12:26

At the website another XSD is referenced:

Which is not the same as the VerificationReport-CD1.xsd

1) Website refers to: oasis-dssx-1.0-profiles-vr-cd1.xsd ("Version
corresponding to CD1, 2009-07-19 "), 31-Jul-2009
2) Document (CS1) refers to: VerificationReport-CD1.xsd ("Version
corresponding to CD1, 2009-06-24"),
3) Folder contains oasis-dssx-1.0-profiles-vr-cd02.xsd ("Version
corresponding to CS1, 2010-09-27"), 4-Nov-2010

The target namespace used by the website XSD contains "dss-x", which
is not the case for the XSD reference by the document.
The other differences between 1 and 2 are only related to formatting.

The main difference between 1 and 3 is the introduction of
1:     <element name="TSLValidity"
type="vr:TrustStatusListValidityType" maxOccurs="1"   minOccurs="0"/>
3:    <element name="TSLValidity" type="dss:AnyType" maxOccurs="1"

==> Which XSD should be the reference XSD?

I would say the one from 4 nov 2010. But that one is not referenced by
the documentation in the CS from nov 2010 nor by the website...


Ernst Jan

To unsubscribe, e-mail: dss-x-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: dss-x-help@lists.oasis-open.org

Attachment: smime.p7s
Description: S/MIME Kryptografische Unterschrift

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]