Re: Best Practices process from Sean Mullan on 2008-04-28 (public-xmlsec-maintwg@w3.org from April 2008)

From: Sean Mullan <Sean.Mullan@Sun.COM>
Date: Mon, 28 Apr 2008 11:03:58 -0400
To: Frederick Hirsch <frederick.hirsch@nokia.com>
Cc: XMLSec XMLSec <public-xmlsec-maintwg@w3.org>
Message-id: <4815E75E.4060506@sun.com>

I think it might be useful to have a best practice on signing "legacy 
XML", or XML without namespace information. If you create an enveloping 
signature over XML without namespace information, it may inherit the XML 
Signature namespace of the Object element, which is not the intended 
behavior. There are two potential workarounds that I have been advising 
users to workaround this :

1) Insert an xmlns="" namespace definition in the legacy XML. However, 
this is not always practical.

2) Insulate it from the XML Signature namespace by defining a namespace 
prefix on the XML Signature (ex: "ds").

I would be curious as to whether others have had similar issues and what 
solution they recommend. The 2nd point above is probably a good practice 
in general.

Also, a nit on the best practices doc:

- section 2.1 typo: s/expecially/especially

--Sean

Frederick Hirsch wrote:
> 
> What I propose we do as a WG to progress the Best Practices draft is the 
> following:
> 
> 1. WG members please review the current Editors Draft [1], which 
> reflects some suggestions on the last teleconference.
> 
> 2. WG members propose text to be added or changed in the current Editors 
> draft , by sending an email to the public WG mail list (please include 
> [BestPractices] in email Subject line)
> 
> 3. WG discuss and agree to changes.
> 
> What I would like to accomplish on our next call is to get to a baseline 
> draft that the WG agrees reflects WG consensus. To do this WG members 
> must review the current draft, make concrete proposals for changes and 
> additions on the email list in advance of the meeting, agree as a WG to 
> those changes and then review and agree that a subsequent draft reflects 
> those changes.
> 
> Please indicate any suggestions or concerns with this process to the 
> public list, please review the draft, and please send proposals to the 
> list in advance of 6 May.
> 
> If there is any WG member who wishes to join as an editor please let 
> Thomas and myself know so we can discuss.
> 
> Thanks
> 
> regards, Frederick
> 
> Frederick Hirsch, Nokia
> Chair, OASIS Strategy Committee
> 
> [1] http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/
> 
>

Received on Monday, 28 April 2008 15:04:43 UTC