Using NVDL with XML Signatures - PowerPoint PPT Presentation

Provided by: roger243

1
Using NVDL with XML Signatures
  • Rob Miller

2
What is NVDL?
  • NVDL = Namespace-based Validation Dispatching
    Language
  • NVDL is an XML technology
  • NVDL is an ISO standard
  • NVDL enables you to independently develop data,
    then assemble the data into a single document,
    and then validate that compound document

3
Example
4
Scenario
5
You've created an XML Schema to track moving
targets
6
Moving Target Schema
7
Moving Target Instance conforms to Moving Target Schema
8
Later, you decide that you want to embed an XML
signature into the instances
Enveloped XML Signature
9
XML Signature Schema (xmldsig-core-schema.xsd)
Moving Target Instance
<Signature> </Signature> conforms to the XML Signature Schema
10
If the author of the Moving Target Schema didn't
anticipate the use of XML Signatures
11
Moving Target Schema
Moving Target Instance
<Signature> </Signature>
XML Schema Validator
Error!
12
A solution?
13
XML Signature Schema
Modify the Moving Target Schema to import the XML
Signature schema
Moving Target Schema
import
14
Two problems with this solution ...
15
Tightly coupled schemas: you have to modify the
Moving Target Schema to import the XML Signature
Schema, and you have to insert an element
declaration that references an element or type
within the XML Signature schema. If at a later
date you no longer want to use XML Signature, or
you want it nested at a different location within
your documents, then you will have to
remove/alter your schema.
16
Doesn't scale: after XML Signature you may need
to add Dublin Core (metadata), security markings,
encryption, and so forth. You will find yourself
in constant XML Schema update mode.
17
A nice solution ...
18
Moving Target Instance conforms to Moving Target Schema
<Signature> </Signature> conforms to XML Signature Schema
19
Moving Target Instance, Moving Target Schema: XML Schema Validator says Okay!
<Signature> </Signature>, XML Signature Schema: XML Schema Validator says Okay!
20
Moving Target Instance
Compound document
<Signature> </Signature>
21
Moving Target Instance
<Signature> </Signature>
Schema validator, please validate the XML
Signature portion against xmldsig-core-schema.xsd
and the rest against moving-target.xsd
22
Moving Target Instance
<Signature> </Signature>
Schema validator, please validate the XML
Signature portion against xmldsig-core-schema.xsd
and the rest against moving-target.xsd
23
Moving Target Instance
<Signature> </Signature>
Schema validator, please validate the XML
Signature portion against xmldsig-core-schema.xsd
and the rest against moving-target.xsd
English prose isn't very good for machines. We want
to express this in a way that is good for
machines.
24
XML!
25
Moving Target Instance
XML
<Signature> </Signature>
Need a standardized XML vocabulary
26
Moving Target Instance
NVDL
<Signature> </Signature>
NVDL is a standardized XML vocabulary for
expressing how the instance document should be
"sectioned" and how each section should be
validated
27
A Few Details
28
Schema-Neutral Assembly of Data Components
DTD
Relax NG
XML
XML Schema
Schematron
29
Schema-Neutral Assembly of Data Components
Moving Target: conforms to Relax NG
XML Signature: conforms to XML Schema
30
The Whole Document Conforms to ???
Each individual data component conforms to a
schema, but what does the whole document conform
to?
The whole document conforms to ???

<Moving-Target>
  <Target-ID>Charlie 1</Target-ID>
  <Location>
    <Latitude>129.32</Latitude>
    <Longitude>90.91</Longitude>
  </Location>
  <Signature>
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://...c14n-20010315"/>
      <SignatureMethod Algorithm="http://...xmldsig#dsa-sha1"/>
      ...
    </SignedInfo>
  </Signature>
</Moving-Target>
31
Meta-Schema
  • What is needed is a meta-schema.
  • A meta-schema specifies the schemas that may be
    collectively used to create an XML instance
    document. Thus, a meta-schema is a schema for
    schemas.

32
NVDL is a Meta-Schema Language
  • With NVDL you can make statements like this:
    "The XML instance document must be comprised
    of a Moving Target Data Component and an XML
    Signature Data Component."

33
Data Components are Identified by their Namespace
<Moving-Target xmlns="http://www.dod.gov/moving-target">
  <Target-ID>Charlie 1</Target-ID>
  <Location>
    <Latitude>129.32</Latitude>
    <Longitude>90.91</Longitude>
  </Location>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://...c14n-20010315"/>
      <SignatureMethod Algorithm="http://...xmldsig#dsa-sha1"/>
      ...
    </SignedInfo>
  </Signature>
</Moving-Target>

These namespace declarations enable an NVDL
processor to partition (section) this XML
instance document
34
NVDL Processor "Sections" the XML Instance
Document
Input to NVDL (the whole instance document):

<Moving-Target xmlns="http://www.dod.gov/moving-target">
  <Target-ID>Charlie 1</Target-ID>
  <Location>
    <Latitude>129.32</Latitude>
    <Longitude>90.91</Longitude>
  </Location>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://...c14n-20010315"/>
      <SignatureMethod Algorithm="http://...xmldsig#dsa-sha1"/>
      ...
    </SignedInfo>
  </Signature>
</Moving-Target>

Output of NVDL, first section:

<Moving-Target xmlns="http://www.dod.gov/moving-target">
  <Target-ID>Charlie 1</Target-ID>
  <Location>
    <Latitude>129.32</Latitude>
    <Longitude>90.91</Longitude>
  </Location>
</Moving-Target>

Output of NVDL, second section:

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://...c14n-20010315"/>
    <SignatureMethod Algorithm="http://...xmldsig#dsa-sha1"/>
    ...
  </SignedInfo>
</Signature>
35
and then Validates each Section
NVDL sections the whole instance document (the same document and
sections as on slide 34), and each section is validated.

Validate against the Moving Target Schema:

<Moving-Target xmlns="http://www.dod.gov/moving-target">
  <Target-ID>Charlie 1</Target-ID>
  <Location>
    <Latitude>129.32</Latitude>
    <Longitude>90.91</Longitude>
  </Location>
</Moving-Target>

Validate against the XML Signature Schema:

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://...c14n-20010315"/>
    <SignatureMethod Algorithm="http://...xmldsig#dsa-sha1"/>
    ...
  </SignedInfo>
</Signature>
36
"Dispatch"
  • The terminology is, "The NVDL processor
    dispatches each data component to the appropriate
    schema validator."

37
The NVDL Meta-Schema Instructs the NVDL Processor
Input: the Moving Target instance document with its embedded
<Signature> (the document shown on slide 33)
NVDL processor
NVDL meta-schema
38
The NVDL Meta-Schema Instructs the NVDL Processor
Input: the Moving Target instance document with its embedded
<Signature> (the document shown on slide 33)
NVDL processor
"The XML instance document must be comprised of
a Moving Target Data Component and an XML
Signature Data Component. The Moving Target
component must be validated against
Moving-Target.rng. The XML Signature component
must be validated against xmldsig-core-schema.xsd."
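Added example (not part of the original slides): a simplified Python model of the sectioning and dispatch described on slides 33 to 38. It splits the instance into element sections by namespace and pairs each section with the schema named on slide 38, rejecting any namespace the table does not list. The function names and the sample document are assumptions for illustration; it does not run the validators and ignores NVDL features such as attribute sections and modes.

```python
import copy
import xml.etree.ElementTree as ET

MT_NS = "http://www.dod.gov/moving-target"
DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
# Namespace -> schema file, as stated on slide 38.
DISPATCH = {MT_NS: "Moving-Target.rng", DSIG_NS: "xmldsig-core-schema.xsd"}

# Constructed sample: the deck's instance; the elided Signature content is omitted.
SAMPLE = f"""<Moving-Target xmlns="{MT_NS}">
  <Target-ID>Charlie 1</Target-ID>
  <Location><Latitude>129.32</Latitude><Longitude>90.91</Longitude></Location>
  <Signature xmlns="{DSIG_NS}"><SignedInfo/></Signature>
</Moving-Target>"""

def ns_of(elem):
    """Namespace URI of an element, or '' when it has none."""
    return elem.tag[1:].split("}")[0] if elem.tag.startswith("{") else ""

def local_name(elem):
    return elem.tag.split("}")[-1]

def section(root):
    """Split a tree into single-namespace element sections, parent first."""
    pending, sections = [copy.deepcopy(root)], []
    while pending:
        top = pending.pop(0)
        stack = [top]
        while stack:
            node = stack.pop()
            for child in list(node):
                if ns_of(child) == ns_of(top):
                    stack.append(child)      # same namespace: stays in this section
                else:
                    node.remove(child)       # foreign namespace: becomes its own section
                    pending.append(child)
        sections.append(top)
    return sections

def dispatch_plan(xml_text):
    """Return [(section root, namespace, schema)]; unknown namespaces are rejected."""
    plan = []
    for sec in section(ET.fromstring(xml_text)):
        ns = ns_of(sec)
        if ns not in DISPATCH:
            raise ValueError(f"no schema registered for namespace {ns!r}")
        plan.append((local_name(sec), ns, DISPATCH[ns]))
    return plan
```

Calling dispatch_plan(SAMPLE) yields one entry for the Moving-Target section and one for the detached Signature section, in that order.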
39
Wrap-up
40
NVDL Processors
  • The folks at Oxygen XML have created a Java
    implementation of an NVDL processor, called
    oNVDL. It can be downloaded from
    http://www.oxygenxml.com/onvdl.html
  • Download the zip file and then unzip it. To use
    it, at a command line type this:
    java -jar path-to-the-oxygen-onvdl-folder/onvdl/bin/onvdl.jar name-of-nvdl-file.nvdl name-of-xml-file.xml
  • SnRNV (Small nano Reconstruction NVDL Validator).
    SnRNV is a streaming NVDL validator, dispatcher,
    and reconstructor, which can be used with other
    JAXP-based XML validators such as Xerces, MSV,
    and Jing (note that you need a JARV-JAXP bridge to
    use MSV or Jing). SnRNV can be downloaded from
    http://www.asahi-net.or.jp/~eb2m-mrt/nvdl/SnRNV-1.0.zip
  • jNVDL is also a Java-based implementation of an
    NVDL processor. It can be downloaded from
    http://jnvdl.sourceforge.net/about-jnvdl.html

41
Who's Using NVDL
  • OOXML
  • Ecma-376 Office Open XML
  • W3C Internationalization Tag Set
  • W3C SVG Tiny 1.2
  • Docbook v5.0

42
NVDL Tutorial
http://www.xfront.com/nvdl/