W3C home > Mailing lists > Public > public-xmlsec-maintwg@w3.org > April 2008

Re: Best Practices process

From: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>
Date: Mon, 28 Apr 2008 17:33:13 +0200
Message-ID: <4815EE39.10506@iaik.tugraz.at>
To: Sean Mullan <Sean.Mullan@Sun.COM>
CC: Frederick Hirsch <frederick.hirsch@nokia.com>, XMLSec XMLSec <public-xmlsec-maintwg@w3.org>
Hi Sean,

Yes, we can link this to DSS ... we had experienced and discussed the
issues there as well ...



Sean Mullan schrieb:
> I think it might be useful to have a best practice on signing "legacy 
> XML", or XML without namespace information. If you create an enveloping 
> signature over XML without namespace information, it may inherit the XML 
> Signature namespace of the Object element, which is not the intended 
> behavior. There are two potential workarounds that I have been advising 
> users to workaround this :
> 1) Insert an xmlns="" namespace definition in the legacy XML. However, 
> this is not always practical.
> 2) Insulate it from the XML Signature namespace by defining a namespace 
> prefix on the XML Signature (ex: "ds").
> I would be curious as to whether others have had similar issues and what 
> solution they recommend. The 2nd point above is probably a good practice 
> in general.
> Also, a nit on the best practices doc:
> - section 2.1 typo: s/expecially/especially
> --Sean
> Frederick Hirsch wrote:
>> What I propose we do as a WG to progress the Best Practices draft is the 
>> following:
>> 1. WG members please review the current Editors Draft [1], which 
>> reflects some suggestions on the last teleconference.
>> 2. WG members propose text to be added or changed in the current Editors 
>> draft , by sending an email to the public WG mail list (please include 
>> [BestPractices] in email Subject line)
>> 3. WG discuss and agree to changes.
>> What I would like to accomplish on our next call is to get to a baseline 
>> draft that the WG agrees reflects WG consensus. To do this WG members 
>> must review the current draft, make concrete proposals for changes and 
>> additions on the email list in advance of the meeting, agree as a WG to 
>> those changes and then review and agree that a subsequent draft reflects 
>> those changes.
>> Please indicate any suggestions or concerns with this process to the 
>> public list, please review the draft, and please send proposals to the 
>> list in advance of 6 May.
>> If there is any WG member who wishes to join as an editor please let 
>> Thomas and myself know so we can discuss.
>> Thanks
>> regards, Frederick
>> Frederick Hirsch, Nokia
>> Chair, OASIS Strategy Committee
>> [1] http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/

Konrad Lanz, IAIK/SIC - Graz University of Technology
Inffeldgasse 16a, 8010 Graz, Austria
Tel: +43 316 873 5547
Fax: +43 316 873 5520

Certificate chain (including the EuroPKI root certificate):

Received on Monday, 28 April 2008 15:34:08 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:58:44 UTC