1 / 13

Optimising XML Schema for IODEF Data model

Optimising XML Schema for IODEF Data model. INCH WG, IETF57 July 16, 2003 Yuri Demchenko <demch@NLnetLabs.nl>. Outlines. Motivation for moving to Schema definition Changes and Optimisations to IODEF elements semantics Extra features: XML Signature and Multilingual text type.

ruby
Télécharger la présentation

Optimising XML Schema for IODEF Data model

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Optimising XML Schema for IODEF Data model INCH WG, IETF57 July 16, 2003 Yuri Demchenko <demch@NLnetLabs.nl>

  2. Outlines • Motivation for moving to Schema definition • Changes and Optimisations to IODEF elements semantics • Extra features: XML Signature and Multilingual text type XML Security

  3. Motivation for moving to XML Schema • DTD is document-oriented • Like HTML • Schema is data-oriented • More object oriented • Integrated into development tools • Easier maintenance (validation, modification, documentation - using tools) • Enabling other useful features • XML Signature • SAML • XPath, XSL and XSLT, XLink, XPointer XML Security

  4. Semantics change for some attributes (1) • Due to more complex way of naming attributes in the schema, introduced and redefined few attributes: • introduced Contact.contactrole • was just “role” defined locally for the Contact element • introduced Contact.contacttype • was just “type” defined locally for the Contact element • cloned attribute Expectation.priority from attvals.severity • Was priority %attvals.severity; #IMPLIED • renamed yesno -> spoofed • renamed Expectation.category -> expectation and attvals.expectation • Was just “category” defined as attvals.expectations XML Security

  5. Semantics change for some attributes (2) • Attribute dtype is used for both AdditionalData and RecordItem • Was adtype and dtype • Problems with IDMEF compatibility? • Data types for Telephone and Fax remains “string” • Mistakenly was defined in my early comments as "decimal" XML Security

  6. Container for Signature • Added container element Signatures to top level class IODEF-Document • May contain multiple signatures ds:Signature with imported namespace • <xs:element name="IODEF-Document">     <xs:complexType>      <xs:sequence>      <xs:element ref="Incident" maxOccurs="unbounded"/>      <xs:element ref="Signatures"/>      </xs: sequence>      <xs:attribute name="version" type="xs:string" fixed="0.1"/>     </xs:complexType> </xs:element> <xs:element name="Signatures">     <xs:complexType>      <xs:sequence>       <xs:element ref="ds:Signature" maxOccurs="unbounded"/>      </xs:sequence>     </xs:complexType> </xs:element> XML Security

  7. Simplified definition: elements Node, Service, UserId • <!ELEMENT Node (name?, Address*, DateTime?, Location?, NodeRole*)> • <!ELEMENT Node (((name | Address), Address*), DateTime?, name?, Address*, Location?, NodeRole*)> • (domain) name of a node is one but optional; IP Addresses may be many • <!ELEMENT Service (((name?, port) | portlist), protocol?, SNMPService?, WebService?)> • <!ELEMENT Service (((name | port | (name, port)) | portlist), protocol?, SNMPService?, WebService?)> • port primary identified by number, optionally - by name • this simplified definition will help to avoid warnings in the future from too strict validators and parsers • this definition will also validate initial IDMEF definition and XML text • <!ELEMENT UserId ((number, name?) | (name, number?))> • Old definition (name | number | (name, number)) generate warning of non-deterministic Schema • Other possibility - (name?, number?) XML Security

  8. New data types • Some elements are defined not as a complexElement but via complexType to allow reuse and easier redefine some complexTypes, in particular: • AdditionalDataType • IncidentIDType • DateTimeType • DescriptionType • MultilingTextType • TextAbstractType XML Security

  9. MultilingualTextType and TextAbstractType • To mark-up multilingual text preservation features, introduced two new classes: • TextAbstractType to carry language attribute • MultilingTextType to describe possible multilingual text transformation by Transform class imported from XMLSig Schema • Introduced new element "Name" for Contact class instead of more simple "name" • Name defined via MultilingTextType <xs:element name="Name" type="MultilingTextType"/> XML Security

  10. ds:Transform element • <xs:schema xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema"> • <xs:element name="Transforms" type="TransformsType"/> • <xs:complexType name="TransformsType"> • <xs:sequence> • <xs:element ref="Transform" maxOccurs="unbounded"/> • </xs:sequence> • </xs:complexType> • <xs:element name="Transform" type="TransformType"/> • <xs:complexType name="TransformType" mixed="true"> • <xs:choice minOccurs="0" maxOccurs="unbounded"> • <xs:any namespace="##other" processContents="lax"/> • <xs:element name="XPath" type="string"/> • ## (1,1) elements from (0,unbounded) namespaces ## • </xs:choice> • <xs:attribute name="Algorithm" type="xs:anyURI" use="required"/> • </xs:complexType> XML Security

  11. Issue to discuss: Preserving multilingual text • Measures to preserve multilingual non-UTF-8 text look complex, so they better will be limited to elements which are really sensitive to non-UTF-8 encoding: Description Name PostalAddress Impact Location • IDN (internationalised domain name) – required to use UTF-8 or other derived encoding. XML Security

  12. Preserving ML text - usage • Two cases are possible when using XML Signature: • Transform to UTF-8 all document and sign the document • Use text transformation to keep multilingual text in binary form and sign the document • In both cases you need to make conversion to display text on user machine that doesn’t use/handle UTF-8/Unicode XML Security

  13. Future steps • Make changes to current DTD-01 • Include Schema into next IODEF draft? XML Security

More Related