Proposed text for Best Practices document: Use of "default" attributes in XMLDsig

From: Magnus Nyström <magnus@rsa.com>
Date: Wed, 26 Nov 2008 15:36:53 +0100 (W. Europe Standard Time)
To: public-xmlsec@w3.org
Message-ID: <Pine.WNT.4.64.0811211509300.5448@W-JNISBETTEST-1.tablus.com>

This is in response to my ACTION-110 that I got last week. Please let me 
know what you think.

Best,
-- Magnus
-- 

When an instance document is governed by a schema that makes use of
default values, there is a risk that signatures made over that instance
will not verify. The reason is that the instance generator (and the
signature process) will not include the default values, but the recipient
processing application, if parsing under the control of the schema, may
fill in the defaults. The net result is that what is verified will not
be what was signed.

A best practice recommendation is therefore to either avoid use of default 
values or ensure that their values are always present in the instance 
document. Another possibility is to make use of schema-centric 
canonicalization, see:

http://uddi.org/pubs/SchemaCentricCanonicalization-20050523.htm
--
Received on Wednesday, 26 November 2008 14:38:02 GMT
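
The mismatch described in the message, as an added example that is not part of the original post: a constructed instance is digested as the signer sees it and again after a simulated schema-aware parse fills in a default. The `SCHEMA_DEFAULTS` mapping, the element names and the helper functions are assumptions for illustration, and the standard library's C14N 2.0 stands in for whichever canonicalization a real signature would use.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed stand-in for schema defaults: (element, attribute) -> default value.
SCHEMA_DEFAULTS = {("payment", "currency"): "USD"}

# Constructed instance as the signer emits it: the defaulted attribute is omitted.
SIGNED_INSTANCE = '<order id="o1"><payment amount="100"/></order>'


def c14n_digest(root):
    """SHA-256 over the canonical form, as a signature Reference digest would be."""
    canonical = ET.canonicalize(ET.tostring(root, encoding="unicode"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def apply_schema_defaults(root, defaults=SCHEMA_DEFAULTS):
    """Mimic a schema-aware parser: add each missing defaulted attribute."""
    for elem in root.iter():
        for (tag, attr), value in defaults.items():
            if elem.tag == tag and attr not in elem.attrib:
                elem.set(attr, value)
    return root


def missing_defaults(root, defaults=SCHEMA_DEFAULTS):
    """Pre-signing check: list defaulted attributes absent from the instance."""
    return [(e.tag, attr) for e in root.iter()
            for (tag, attr) in defaults
            if e.tag == tag and attr not in e.attrib]


def demo():
    signed_digest = c14n_digest(ET.fromstring(SIGNED_INSTANCE))
    # Verifier parses under schema control, so the default appears in its infoset.
    verifier_view = apply_schema_defaults(ET.fromstring(SIGNED_INSTANCE))
    mismatch = c14n_digest(verifier_view) != signed_digest
    # Best practice: make defaults explicit before signing; both sides then agree.
    explicit = apply_schema_defaults(ET.fromstring(SIGNED_INSTANCE))
    explicit_xml = ET.tostring(explicit, encoding="unicode")
    stable = (c14n_digest(apply_schema_defaults(ET.fromstring(explicit_xml)))
              == c14n_digest(ET.fromstring(explicit_xml)))
    return mismatch, stable


if __name__ == "__main__":
    print(demo())
```

Running `missing_defaults` on an instance before signing gives the signer a list of attributes to write out explicitly.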