W3C home > Mailing lists > Public > public-wsawg-security-tf@w3.org > June 2003

Interesting thread to harvest about schema validation, digital signature, etc.

From: Hugo Haas <hugo@w3.org>
Date: Thu, 26 Jun 2003 18:07:14 +0200
To: public-wsawg-security-tf@w3.org
Cc: Michael Champion <Mike.Champion@SoftwareAG-USA.com>, Dave Hollander <dmh@contivo.com>
Message-ID: <1059641615.IAA22192@phantom.w3.org>

Hi Abbie and all.

[ Mike and Dave, I am sending this to the security task force in order
  not to distract the WG from concepts and relationships, but am happy
  to resend it to www-ws-arch if you think it's best. ]

While going through old emails in my www-ws-arch folder, I found an
interesting thread to harvest that isn't covered by the current
security framework:

  http://www.w3.org/2002/02/mid/7FCB5A9F010AAE419A79A54B44F3718E2EAE6D@bocnte2k3.boc.chevrontexaco.net

There are, I think, several thing to point out in here:
- the meaning of signing a message.
- the dangers on relying on external processing (e.g. schema
  validation when the schema isn't attached to the message).
- maybe other things that I have missed.

It seems that the first point could go in the section about signature,
and the second one about a good practice or threats section.

Comments?

Regards,

Hugo

-- 
Hugo Haas - W3C
mailto:hugo@w3.org - http://www.w3.org/People/Hugo/
Received on Thursday, 26 June 2003 12:45:20 EDT

This archive was generated by hypermail pre-2.1.9 : Monday, 22 September 2003 06:10:41 EDT