[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss-x] Which XSD version to use for the "Comprehensive Multi-Signature Verification Reports" profile?
A wonderful european morning to everyone,my tool of choice (oxygen) has a problem with https located schemas, that is why the oasis admin triggered moved permanently HTTP/301 makes a difference I guess, since if I add the "s" it still (after clearing the validation cache) notes, that "failed to read schema document".
The main problem (I remember now!) is, that our DSS lives long enough to participate in the dependency version nightmare of xml schema import assemblage ;-)
SAML did update to v2.0 long ago and they do not offer v1.1 at the normal access /namespace point below
http://docs.oasis-open.org/security/saml/I think we should not poison our schemas with these dangling intermediaries like http://www.oasis-open.org/committees/download.php/3408/* since persistence in OASIS rules is more meant as a contract to society not to machines, like one experiences in this case.
The main point (unresolved in the past) seems to be, that we do not know nor decided if we could skip the version 1 reference.
I know, that we had problems tracing "moved/changed" names in SAML v1->2 in the past, but this should IMO be accomplished.
The fear, that existing users/"customers" still rely on SAML v1, SHOULD we ignore it, and go forward?
What do you think? We already have the SAML v2 ref in there ... All the best, Stefan. Am 20.09.12 08:10, schrieb Stefan Drees:
Am 19.09.12 20:35, schrieb Cornelis Frank:mmm... didn't know that there was a cd02. I'm still using cd1 in the eID DSS: http://code.google.com/p/eid-dss/source/browse/trunk/eid-dss-ws/src/main/resources/oasis-dssx-1.0-profiles-vr-cd1.xsd but as cd02 is only adding a few elements, cd1 should be compatible with cd02 right?but when you validate the one Ernst Jan named harvested as *cd02.xsd you receive teh notification, that the SAMLv1 reference is not resolved: <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="http://www.oasis-open.org/committees/download.php/3408/oasis-sstc-saml-schema-protocol-1.1.xsd" /> Argh, persistence is not allways machine-readable (since the document moved and the notice is per html and not of course per "W3C Schema language" :-) Upon resolving the URL you receive (vie curl -O, not the browser, which follows silently ...): Cite " <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>301 Moved Permanently</title> </head><body> <h1>Moved Permanently</h1> <p>The document has moved <a href="https://www.oasis-open.org/committees/download.php/3408/oasis-sstc-saml-schema-protocol-1.1.xsd">here</a>.</p> <hr> <address>Apache/2.2.9 (Debian) mod_jk/1.2.26 mod_python/3.3.1 Python/2.5.2 mod_ssl/2.2.9 OpenSSL/0.9.8g Server at www.oasis-open.org Port 80</address> </body></html> " Ok, whatever, I think we should update the URL inside the schema CD03 at least as a CD03 or so to "https://www.oasis-open.org/committees/download.php/3408/oasis-sstc-saml-schema-protocol-1.1.xsd" I think SAML committee update version 1.0 to version 1.1 and effectively dumped the 1.0 by a redirect. I wonder, if we are the first to notice, but I guess not. All the bets, Stefan.________________________________________ Van: firstname.lastname@example.org [email@example.com] namens Ernst Jan van Nigtevecht [EJvN@Sonnenglanz.net] Verzonden: woensdag 19 september 2012 15:19 Aan: firstname.lastname@example.org Onderwerp: [dss-x] Which XSD version to use for the "Comprehensive Multi-Signature Verification Reports" profile? The document of the "Comprehensive Multi-Signature Verification Reports" profile refers to an XSD, as follows: [DSSVR-XSD] D. Hühnlein, I. Henkel, J. C. Cruellas, S. Drees, A. Kuehne, et. al.: “DSS Verification Report Schema”, July 2009 http://www.oasis-open.org/committees/download.php/33059/VerificationReport-CD1.xsd The comment within that XSD states: Version corresponding to CD1, 2009-06-24 But there is a newer version available if we look into: http://docs.oasis-open.org/dss-x/profiles/verificationreport/ oasis-dssx-1.0-profiles-vr-cd1.xsd<http://docs.oasis-open.org/dss-x/profiles/verificationreport/oasis-dssx-1.0-profiles-vr-cd1.xsd> 31-Jul-2009 09:02 27k oasis-dssx-1.0-profiles-vr-cd02.xsd<http://docs.oasis-open.org/dss-x/profiles/verificationreport/oasis-dssx-1.0-profiles-vr-cd02.xsd> 04-Nov-2010 12:26 At the website another XSD is referenced: http://docs.oasis-open.org/dss-x/profiles/verificationreport/oasis-dssx-1.0-profiles-vr-cd1.xsd Which is not the same as the VerificationReport-CD1.xsd Summary: 1) Website refers to: oasis-dssx-1.0-profiles-vr-cd1.xsd ("Version corresponding to CD1, 2009-07-19 "), 31-Jul-2009 2) Document (CS1) refers to: VerificationReport-CD1.xsd ("Version corresponding to CD1, 2009-06-24"), 3) Folder contains oasis-dssx-1.0-profiles-vr-cd02.xsd ("Version corresponding to CS1, 2010-09-27"), 4-Nov-2010 The target namespace used by the website XSD contains "dss-x", which is not the case for the XSD reference by the document. The other differences between 1 and 2 are only related to formatting. The main difference between 1 and 3 is the introduction of 1: <element name="TSLValidity" type="vr:TrustStatusListValidityType" maxOccurs="1" minOccurs="0"/> 3: <element name="TSLValidity" type="dss:AnyType" maxOccurs="1" minOccurs="0"/> ==> Which XSD should be the reference XSD? I would say the one from 4 nov 2010. But that one is not referenced by the documentation in the CS from nov 2010 nor by the website... Regards Ernst Jan --------------------------------------------------------------------- To unsubscribe, e-mail: email@example.com For additional commands, e-mail: firstname.lastname@example.org
Description: S/MIME Kryptografische Unterschrift