Using NVDL with XML Signatures
Rob Miller

What is NVDL?
• NVDL = Namespace-based Validation Dispatching Language
• NVDL is an XML technology
• NVDL is an ISO standard
• NVDL enables you to independently develop data, then assemble the data into a single document, and then validate that compound document

Example

Scenario:

You've created an XML Schema to track moving targets

[Diagram: a Moving Target instance conforms to the Moving Target Schema]

Later, you decide that you want to embed* an XML signature into the instances
* Enveloped XML Signature

[Diagram: the Moving Target instance now contains a <Signature> … </Signature> element, which conforms to the XML Signature Schema (xmldsig-core-schema.xsd)]

If the author of the Moving Target Schema didn't anticipate the use of XML Signatures …

[Diagram: an XML Schema validator checks the Moving Target instance, with its embedded <Signature> … </Signature>, against the Moving Target Schema and reports "Error!"]

A solution?

Modify the Moving Target Schema to import the XML Signature schema

[Diagram: the Moving Target Schema imports the XML Signature Schema]

Two problems with this solution

Tightly coupled schemas: you have to modify Moving Target Schema to import the XML Signature Schema and you have to insert an element declaration that references an element or type within the XML Signature schema. If at a later date you no longer want to use XML Signature, or you want it nested at a different location within your documents, then you will have to remove/alter your schema.

Doesn't scale: after XML Signature you may need to add Dublin Core (metadata), security markings, encryption, and so forth. You will find yourself in constant XML Schema update mode. ($$$)

A nice solution

[Diagram: within one instance, the Moving Target content conforms to the Moving Target Schema and the <Signature> … </Signature> element conforms to the XML Signature Schema]

[Diagram: an XML Schema validator checks the Moving Target content against the Moving Target Schema and reports "Okay!"; an XML Schema validator checks the <Signature> … </Signature> element against the XML Signature Schema and reports "Okay!"]

Compound document

[Diagram: a Moving Target instance containing a <Signature> … </Signature> element]

Schema validator: please validate the XML Signature portion against xmldsig-core-schema.xsd and the rest against moving-target.xsd

English prose isn't very good for machines. We want to express this in a way that is good for machines.

XML!

Need a standardized XML vocabulary

NVDL
NVDL is a standardized XML vocabulary for expressing how the instance document should be "sectioned" and how each section should be validated

A Few Details

Schema-Neutral Assembly of Data Components

[Diagram labels: XML, DTD, Relax NG, XML Schema, Schematron]

[Diagram: the Moving Target content conforms to the Moving Target Relax NG schema; the Signature content conforms to the XML Signature XML Schema]

<Moving-Target>
    <Target-ID>Charlie 1</Target-ID>
    <Location>
        <Latitude>129.32</Latitude>
        <Longitude>90.91</Longitude>
    </Location>
    …
    <Signature>
        <SignedInfo>
            <CanonicalizationMethod Algorithm="http://...c14n-20010315"/>
            <SignatureMethod Algorithm="http://...xmldsig#dsa-sha1"/>
            ...
        </SignedInfo>
    </Signature>
</Moving-Target>

The Whole Document Conforms to ???

Each individual data component conforms to a schema, but what does the whole document conform to?

[Diagram: the compound Moving-Target document with its embedded Signature, labelled "conforms to ???"]

Meta-Schema
• What is needed is a meta-schema.
• A meta-schema specifies the schemas that may be collectively used to create an XML instance document. Thus, a meta-schema is a schema for schemas.

NVDL is a Meta-Schema Language
• With NVDL you can make statements like this:
The XML instance document must be comprised of a Moving Target Data Component and an XML Signature Data Component.

Data Components are Identified by their Namespace
These namespace declarations enable an NVDL processor to partition (section) this XML instance document

<Moving-Target xmlns="http://www.dod.gov/moving-target#">
    <Target-ID>Charlie 1</Target-ID>
    <Location>
        <Latitude>129.32</Latitude>
        <Longitude>90.91</Longitude>
    </Location>
    …
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
            <CanonicalizationMethod Algorithm="http://...c14n-20010315"/>
            <SignatureMethod Algorithm="http://...xmldsig#dsa-sha1"/>
            ...
        </SignedInfo>
    </Signature>
</Moving-Target>

NVDL Processor "Sections" the XML Instance Document

[Diagram: the NVDL processor takes the compound document and splits it into two sections]

Compound document:
<Moving-Target xmlns="http://www.dod.gov/moving-target#">
    <Target-ID>Charlie 1</Target-ID>
    <Location>
        <Latitude>129.32</Latitude>
        <Longitude>90.91</Longitude>
    </Location>
    …
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
            <CanonicalizationMethod Algorithm="http://...c14n-20010315"/>
            <SignatureMethod Algorithm="http://...xmldsig#dsa-sha1"/>
            ...
        </SignedInfo>
    </Signature>
</Moving-Target>

Moving-Target section:
<Moving-Target xmlns="http://www.dod.gov/moving-target#">
    <Target-ID>Charlie 1</Target-ID>
    <Location>
        <Latitude>129.32</Latitude>
        <Longitude>90.91</Longitude>
    </Location>
    …
</Moving-Target>

Signature section:
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
        <CanonicalizationMethod Algorithm="http://...c14n-20010315"/>
        <SignatureMethod Algorithm="http://...xmldsig#dsa-sha1"/>
        ...
    </SignedInfo>
</Signature>

… and then Validates each Section

[Diagram: the NVDL processor sections the same compound document, then the Moving-Target section is validated against the Moving Target Schema and the Signature section is validated against the XML Signature Schema]

"Dispatch"
• The terminology is, "The NVDL processor dispatches each data component to the appropriate schema validator."

The NVDL Meta-Schema Instructs the NVDL Processor

[Diagram: the NVDL processor reads the NVDL meta-schema and the compound Moving-Target document with its embedded Signature]

"The XML instance document must be comprised of a Moving Target Data Component and an XML Signature Data Component. The Moving Target component must be validated against Moving-Target.rng. The XML Signature component must be validated against xmldsig-core-schema.xsd."

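The meta-schema that the slide above states in English, written out as an NVDL script. This is an added example, not taken from the original slides; the file name moving-target.nvdl and the mode names are assumptions, while the namespace URIs and schema file names are the ones shown on the slides.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- moving-target.nvdl (assumed file name): added example, not from the slides -->
<rules xmlns="http://purl.oclc.org/dsdl/nvdl/ns/structure/1.0"
       startMode="root">

  <!-- Mode applied to the section that starts at the document element -->
  <mode name="root">
    <!-- Dispatch the Moving Target section to the RELAX NG validator -->
    <namespace ns="http://www.dod.gov/moving-target#">
      <validate schema="Moving-Target.rng" useMode="inside-moving-target"/>
    </namespace>
    <!-- A document element in any other namespace is rejected -->
    <anyNamespace>
      <reject/>
    </anyNamespace>
  </mode>

  <!-- Mode applied to foreign-namespace sections nested in Moving-Target -->
  <mode name="inside-moving-target">
    <!-- Dispatch the XML Signature section to the W3C XML Schema validator -->
    <namespace ns="http://www.w3.org/2000/09/xmldsig#">
      <validate schema="xmldsig-core-schema.xsd" useMode="inside-signature"/>
    </namespace>
    <!-- Nothing except a Signature may be embedded in a Moving-Target -->
    <anyNamespace>
      <reject/>
    </anyNamespace>
  </mode>

  <!-- Mode applied to foreign-namespace sections nested in Signature.
       Rejecting them is a strict policy choice made for this example. -->
  <mode name="inside-signature">
    <anyNamespace>
      <reject/>
    </anyNamespace>
  </mode>
</rules>
```

The script permits a Signature section anywhere inside the Moving Target section but does not require one, and a schema-valid Signature is only structurally well formed: verifying the signature value is a separate step. It is run with the oNVDL command line given on the NVDL Processors slide.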
Wrap-up

NVDL Processors
• The folks at Oxygen XML have created a Java implementation of an NVDL processor, called oNVDL. It can be downloaded from:
– http://www.oxygenxml.com/onvdl.html
– Download the zip file and then unzip it. To use it, at a command line type this:
java -jar path-to-the-oxygen-onvdl-folder/onvdl/bin/onvdl.jar name-of-nvdl-file.nvdl name-of-xml-file.xml
• SnRNV (Small nano Reconstruction NVDL Validator). SnRNV is a streaming NVDL validator, dispatcher, and reconstructor, which can be used with other JAXP based XML validators such as Xerces, MSV, and Jing (Note that you need JARV-JAXP bridge to use MSV or Jing). SnRNV can be downloaded from:
– http://www.asahi-net.or.jp/~eb2m-mrt/nvdl/SnRNV-1.0.zip
• jNVDL is also a Java-based implementation of an NVDL processor. It can be downloaded from:
– http://jnvdl.sourceforge.net/about-jnvdl.html

Who's Using NVDL
• OOXML
• Ecma-376 Office Open XML
• W3C Internationalization Tag Set
• W3C SVG Tiny 1.2
• Docbook v5.0

NVDL Tutorial
http://www.xfront.com/nvdl/