W3C home > Mailing lists > Public > public-xmlsec@w3.org > February 2009

Avoiding default XML Schema values [Best Practices]

From: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>
Date: Wed, 25 Feb 2009 01:21:02 +0100
Message-ID: <49A48EEE.6030902@iaik.tugraz.at>
To: XMLSec WG Public List <public-xmlsec@w3.org>

Shouldn't the last sentence rather say the following:

s/The net result being that what is verified will not be what was
signed./The net result being that what is verified will not be what was
signed and cause the signature to break./

Further as I mentioned before this Section deserves a note as follows,
which does not necessarily have to reference SC14n:

Note: Schema Centric Canonicalization (SC14n) has been proposed to
canonicalize XML with respect to an XML Schema (default values,
namespace prefix desensitization, namespace attribute normalization,
data-type canonicalization, data-type canonicalization). Besides the
UDDI context however, ScC14n seems to be only used in MPEG-21. Otherwise
- to our knowledge - it has hardly been used, nor yet as of 2008 been
implemented by major vendors of XMLDSIG implementations [X].


[X] http://tinyurl.com/MT-Konrad-Lanz-OASIS-DSS#nameddest=subsection.2.5.4

btw. Is there a reference somewhere in the minutes that indicates why
http://www.w3.org/2008/xmlsec/track/issues/75 is closed?

Opened: 2008-11-18
Closed: 2008-12-17

Could neither find in:

Konrad Lanz, IAIK/SIC - Graz University of Technology
Inffeldgasse 16a, 8010 Graz, Austria
Tel: +43 316 873 5547
Fax: +43 316 873 5520

Downlaod certificate chain (including the EuroPKI root certificate):

Received on Wednesday, 25 February 2009 00:21:54 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:55:10 UTC