Zhiwu Xie wrote:
> 1. A question about "keyInformation".
> XML signature defines a keyInfoType, which is an open architecture that
> allows the user to choose from some exisitng key schemas or define their
> own (there is a "any" element to choose from). This seems very suitable
> for our use. However the PREMIS data dictionary proposed another
> keyInformation element structure. With this structure it is difficult to
> record some well-established key structure such as x.509 or PGP. Is
> there any way that we can make use of the XML signature keyInfoType in
The keyInformation structure in PREMIS was supposed to be a more
generalized version of the XML signatures schema. Remember, we first
developed the Data Dictionary, and the Schema followed. In an early
proposal by Andrea Goethals, all the elements in all the various key
structures were included. When the group reviewed that, we didn't want
to have so many elements, so we ended up defining 3: the type of key,
the value of the key, and everything else. It is in the
keyVerificationInformation where most of the x.509 or PGP key structure
would go. They expectation was that users would map over elements from
those structures as required.
Though this made some sense from a Data Dictionary point of view, it's
less generalized from a schema point of view, where the keyInfoType in
XML signatures really gives you maximum flexibility. Do you think it
would have been better if we'd just defined an unstructured keyInfo on
which users could overlay in effect the established key structures?
> 2. An implementation question.
> I read through the sections about the digital signature, esp p. 4-6 to
> 4-8. In page 2-54 the usage notes said several components were taken fom
> XML signature but did not specify which. This question is just to
> confirm that the following elements are taken directly from XML
> signature therefore the schema shall import XML signature types to
> validate them: