Avoiding default XML Schema values [Best Practices]

From: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>
Date: Wed, 25 Feb 2009 01:21:02 +0100
Message-ID: <49A48EEE.6030902@iaik.tugraz.at>
To: XMLSec WG Public List <public-xmlsec@w3.org>

http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/#avoid-default-schema-values

Shouldn't the last sentence rather say the following:

s/The net result being that what is verified will not be what was
signed./The net result being that what is verified will not be what was
signed and cause the signature to break./

Further as I mentioned before this Section deserves a note as follows,
which does not necessarily have to reference SC14n:

Note: Schema Centric Canonicalization (SC14n) has been proposed to
canonicalize XML with respect to an XML Schema (default values,
namespace prefix desensitization, namespace attribute normalization,
data-type canonicalization, data-type canonicalization). Besides the
UDDI context however, ScC14n seems to be only used in MPEG-21. Otherwise
- to our knowledge - it has hardly been used, nor yet as of 2008 been
implemented by major vendors of XMLDSIG implementations [X].

BR
Konrad

[X] http://tinyurl.com/MT-Konrad-Lanz-OASIS-DSS#nameddest=subsection.2.5.4

btw. Is there a reference somewhere in the minutes that indicates why
http://www.w3.org/2008/xmlsec/track/issues/75 is closed?

Opened: 2008-11-18
Closed: 2008-12-17

Could neither find in:
http://www.w3.org/2008/12/02-xmlsec-minutes
http://www.w3.org/2008/12/09-xmlsec-minutes
http://www.w3.org/2008/12/16-xmlsec-minutes

-- 
Konrad Lanz, IAIK/SIC - Graz University of Technology
Inffeldgasse 16a, 8010 Graz, Austria
Tel: +43 316 873 5547
Fax: +43 316 873 5520
http://www.iaik.tugraz.at/content/about_iaik/people/lanz_konrad/
http://jce.iaik.tugraz.at/sic/products/xml_security/

Download certificate chain (including the EuroPKI root certificate):
http://ca.iaik.tugraz.at/capso/certs.jsp



Received on Wednesday, 25 February 2009 00:21:54 GMT
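
The failure mode discussed in the message above, as an added example that is not part of the original post or of any XMLDSIG implementation: a digest computed over a tree parsed without a schema no longer matches once a schema-aware parser has added default attribute values, and it matches again when the signer writes those values explicitly. The sample document, the SCHEMA_DEFAULTS table and all function names are constructed for illustration; the schema-aware parse is simulated, and Python's ET.canonicalize (Canonical XML 2.0) stands in for whichever canonicalization a real signature would name.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample: the signer left out the optional "currency" attribute.
SIGNED_XML = '<order><item sku="A-100" qty="2"/></order>'

# Constructed stand-in for the default attribute values an XML Schema would
# declare, keyed by element name (hypothetical, not taken from a real schema).
SCHEMA_DEFAULTS = {"item": {"currency": "EUR"}}


def parse_plain(xml_text):
    """Non-validating parse: the tree holds only what is in the document."""
    return ET.fromstring(xml_text)


def parse_schema_aware(xml_text, defaults):
    """Simulate a validating parser that adds schema defaults to the tree."""
    root = ET.fromstring(xml_text)
    for element in root.iter():
        for name, value in defaults.get(element.tag, {}).items():
            if name not in element.attrib:
                element.set(name, value)
    return root


def c14n_digest(root):
    """SHA-256 over the canonical XML serialization of the tree."""
    canonical = ET.canonicalize(ET.tostring(root, encoding="unicode"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def make_defaults_explicit(xml_text, defaults):
    """Signer-side step: write every default value into the document itself."""
    return ET.tostring(parse_schema_aware(xml_text, defaults), encoding="unicode")


if __name__ == "__main__":
    signed = c14n_digest(parse_plain(SIGNED_XML))
    verified = c14n_digest(parse_schema_aware(SIGNED_XML, SCHEMA_DEFAULTS))
    print("implicit defaults, digests match:", signed == verified)

    explicit = make_defaults_explicit(SIGNED_XML, SCHEMA_DEFAULTS)
    signed = c14n_digest(parse_plain(explicit))
    verified = c14n_digest(parse_schema_aware(explicit, SCHEMA_DEFAULTS))
    print("explicit values, digests match:", signed == verified)
```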