RE: [xml-dev] Is the XML Schema for XML Digital Signatures needed?
- From: "Costello, Roger L." <costello@mitre.org>
- To: "xml-dev@lists.xml.org" <xml-dev@lists.xml.org>
- Date: Fri, 27 Jul 2018 18:36:40 +0000
Hi Liam,
Suppose that I have this XML instance document:
<Document>
    <foo>abc</foo>
    <ds:Signature xmlns:ds="...">
        ...
    </ds:Signature>
</Document>
My argument says that an XML Schema for <Document> should simply use an <xs:any namespace="http://www.w3.org/2000/09/xmldsig#" /> element where the digital signature is to occur:
<xs:element name="Document">
    <xs:complexType>
        <xs:sequence>
            <xs:element name="foo" type="xs:string" />
            <!-- Put your XML Digital Signature here, but I ain't gonna schema-validate it! -->
            <xs:any namespace="http://www.w3.org/2000/09/xmldsig#" />
        </xs:sequence>
    </xs:complexType>
</xs:element>
My argument says, don't do this:
<xs:import namespace="http://www.w3.org/2000/09/xmldsig#"
           schemaLocation="xmldsig.xsd"/>
<xs:element name="Document">
    <xs:complexType>
        <xs:sequence>
            <xs:element name="foo" type="xs:string" />
            <xs:element ref="ds:Signature" /> <!-- Validate against the XML Schema for xmldigsig -->
        </xs:sequence>
    </xs:complexType>
</xs:element>
My argument is that the digsig tools will ensure that the signature is correct, so don't bother validating against the XML Schema for xmldigsig.
Do you buy that argument?
/Roger
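
Added example, not part of the original post: a Python sketch contrasting what the namespace-only wildcard in the first schema admits with part of the shape that a `ds:Signature` declaration from the xmldsig schema requires. It assumes the wildcard's content is not assessed (`processContents="skip"`) and emulates only the namespace test rather than a full XSD validator; the function names and sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
DS = "{%s}" % DSIG_NS

def wildcard_matches(elem):
    """Emulates <xs:any namespace=DSIG_NS/>: a namespace test only, so any
    element from the dsig namespace is admitted, not just ds:Signature."""
    return elem.tag.startswith(DS)

def signature_shape_ok(elem):
    """Part of what the xmldsig schema's SignatureType requires: the element
    is ds:Signature and its content begins SignedInfo, SignatureValue."""
    if elem.tag != DS + "Signature":
        return False
    return [c.tag for c in elem][:2] == [DS + "SignedInfo", DS + "SignatureValue"]

def check_document(xml_text):
    """Return (wildcard_ok, shape_ok) for the element following <foo>."""
    root = ET.fromstring(xml_text)
    kids = list(root)
    if root.tag != "Document" or len(kids) != 2 or kids[0].tag != "foo":
        return (False, False)
    return (wildcard_matches(kids[1]), signature_shape_ok(kids[1]))

# Constructed sample documents (empty skeletons, not real signatures).
WRAP = '<Document xmlns:ds="%s"><foo>abc</foo>%%s</Document>' % DSIG_NS
GOOD = WRAP % "<ds:Signature><ds:SignedInfo/><ds:SignatureValue/></ds:Signature>"
KEYINFO_ONLY = WRAP % "<ds:KeyInfo/>"
NO_SIGNEDINFO = WRAP % "<ds:Signature><ds:SignatureValue/></ds:Signature>"

if __name__ == "__main__":
    for name in ("GOOD", "KEYINFO_ONLY", "NO_SIGNEDINFO"):
        print(name, check_document(globals()[name]))
```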