Details

    • Proposal:
      Include a normative reference to an RNG schema for XML Digital Signatures if one is made available by the W3C as an approved document. Because such an approved RNG schema is not available right now, this issue can be resolved only in a future version of ODF.

    • Resolution:
      The RNG schema mentioned in the comment is non normative, and for this reason cannot be referenced normatively.
      For ODF 1.2, a comment will be added to the digital signature schema that refers to the restriction of the <ds:Signature> element in ODF 1.2 part 3.
      The TC will look for alternative resolutions for a post ODF 1.2 version (which includes but is not limited to referencing a normative RNG schema for W3C XML Digital Signatures (if this is available) or the use of NVDL).


      Description

      Copied from office-comment list

      Original author: "MURATA Makoto (FAMILY Given)" <eb2m-mrt@asahi-net.or.jp>
      Original date: 17 Nov 2009 02:23:24 -0000
      Original URL: http://lists.oasis-open.org/archives/office-comment/200911/msg00002.html

          Activity

          orcmid Dennis Hamilton (Inactive) added a comment -

          Michael Brauer comments: "While I really would like to be able to use the XSD schema here (or have a normative RNG schema), we can only use it if we switch to NVDL. That is something we considered to do for ODF-Next."

          I don't understand the linkage with NVDL as a prerequisite for specifying a single-file schema. I can't see how this has any bearing on whether we use an RNG schema for ODF DSIG or an XML Schema for ODF DSIG. The problem seems to be invariant with respect to NVDL.

          My understanding: At the moment all we have schemas for is at most individual XML documents and there is nothing normative (in schema terms) beyond that. As well as I can tell (http://nvdl.org/), NVDL is about having a scripting language for certain kinds of validations. I don't see how that presents a constraint on ODF specification, any more than would a desire by developers or others to use some high-powered version of Schematron or the validation effort that Alex Brown is apparently carrying out at SC34.

          My confusion: I don't see how the existence of independent, schema-driven mechanical validators for instances is a condition on ODF 1.2 specifications. I also don't see how XML Schema instance validation is prevented if ODF DSIG is expressed in XML Schema, provided that the XML DSIG Schema can be invoked properly in an instance of ODF DSIG. (I thought using the namespace was sufficient, but I may be oversimplifying.)

          michael.brauer Michael Brauer (Inactive) added a comment -

          Dennis: The root element of a signature is dsig:document-signatures. This is an element that ODF defines. ODF uses Relax-NG as schema language.

          The child elements of that element are ds:Signature. These elements are defined by the XML-DSig specification. It uses XSD as schema language.

          That means, we indeed have to invoke XSD from within Relax-NG. That is not possible. There is no way to invoke an XSD schema from within an RNG schema. Namespaces don't do that.

          What one needs is a schema language on top of RNG and XSD that allows combining the two based on namespaces. That's exactly what NVDL does.
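
The namespace-based dispatch described in the comment above, as an added example (not code from the ODF TC or from any NVDL implementation). It is a simplified sketch of sectioning by namespace; the two namespace URIs are the ODF 1.2 dsig and W3C XML-DSig namespaces, the validators are stand-ins for real RNG and XSD validation, and the sample document is constructed.

```python
import xml.etree.ElementTree as ET

DSIG_NS = "urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0"  # ODF dsig
DS_NS = "http://www.w3.org/2000/09/xmldsig#"                            # W3C XML-DSig

# Constructed sample of META-INF/documentsignatures.xml; signature bodies are stubs.
SAMPLE = f"""<dsig:document-signatures xmlns:dsig="{DSIG_NS}" xmlns:ds="{DS_NS}">
  <ds:Signature Id="sig1"><ds:SignedInfo/><ds:SignatureValue/></ds:Signature>
  <ds:Signature Id="sig2"><ds:SignedInfo/><ds:SignatureValue/></ds:Signature>
</dsig:document-signatures>"""

def ns_of(elem):
    """Namespace URI from ElementTree's '{uri}local' tag form ('' if none)."""
    return elem.tag[1:].split("}")[0] if elem.tag.startswith("{") else ""

def split_sections(root):
    """Cut the tree at every namespace change; return [(namespace, subtree)].
    Each subtree is a copy with its foreign-namespace descendants cut out."""
    sections = []
    def start_section(src):
        top = ET.Element(src.tag, dict(src.attrib))
        sections.append((ns_of(src), top))
        copy_same_ns(src, top)
    def copy_same_ns(src, dst):
        dst.text = src.text
        for child in src:
            if ns_of(child) == ns_of(src):
                copy_same_ns(child, ET.SubElement(dst, child.tag, dict(child.attrib)))
            else:
                start_section(child)  # namespace boundary: new section
    start_section(root)
    return sections

# Stand-ins (assumptions) for the real validators: the ODF RNG schema for dsig,
# the W3C XSD for ds. Each receives only elements of its own namespace.
VALIDATORS = {
    DSIG_NS: lambda e: e.tag == f"{{{DSIG_NS}}}document-signatures" and len(e) == 0,
    DS_NS: lambda e: e.tag == f"{{{DS_NS}}}Signature"
    and [c.tag.split("}")[-1] for c in e][:2] == ["SignedInfo", "SignatureValue"],
}

def validate(xml_text, validators=VALIDATORS):
    """Route each section to its namespace's validator; unknown namespaces fail."""
    results = []
    for ns, elem in split_sections(ET.fromstring(xml_text)):
        check = validators.get(ns)
        results.append((ns, elem.tag.split("}")[-1], bool(check and check(elem))))
    return results
```

Neither validator ever sees the other namespace's elements, which is why a combining layer is needed above the two schema languages.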

          orcmid Dennis Hamilton (Inactive) added a comment -

          Michael, my proposal was to use XML Schema for the <dsig:document-signatures> element just so that we could appeal to the XML-DSig specification for the actual signature element, <ds:Signature>. <dsig:document-signatures> is rather trivial, since it will typically only have one element as far as I can tell, even when in the file META-INF/documentsignatures.xml referred to in Part 1.

          This is an isolated simple case and doesn't defeat the Part 1 objective of only using RNG (except where it uses OWL, of course).

          Do you know of any implementation that supports more than one <ds:Signature> in a <dsig:document-signatures> root element? That should be a lot of fun if any one of them attempts to sign the META-INF/documentsignatures.xml file itself.

          michael.brauer Michael Brauer (Inactive) added a comment - - edited

          The issue was discussed at the 22-02-10 TC meeting and the following resolution was agreed:

          The RNG schema mentioned in the comment is non normative, and for this reason cannot be referenced normatively.
          For ODF 1.2, a comment will be added to the digital signature schema that refers to the restriction of the <ds:Signature> element in ODF 1.2 part 3.
          The TC will look for alternative resolutions for a post ODF 1.2 version (which includes but is not limited to referencing a normative RNG schema for W3C XML Digital Signatures (if this is available) or the use of NVDL).

          michael.brauer Michael Brauer (Inactive) added a comment -

          Correction will appear in OpenDocument-dsig-schema-v1.2-cd01-rev01


            People

            • Assignee:
              michael.brauer Michael Brauer (Inactive)
              Reporter:
              rcweir Robert Weir (Inactive)