Re: Avoiding default XML Schema values [Best Practices]

From: Magnus Nyström <magnus@rsa.com>
Date: Wed, 25 Feb 2009 12:48:58 +0100 (W. Europe Standard Time)
To: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>
cc: XMLSec WG Public List <public-xmlsec@w3.org>
Message-ID: <Pine.WNT.4.64.0902251246480.1500@W-JNISBETTEST-1.tablus.com>

Konrad,

I think it was precisely the cited lack of use of SC14n that caused us not 
to include such a note. See e.g.

http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0055.html

-- Magnus

On Tue, 24 Feb 2009, Konrad Lanz wrote:

> http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/#avoid-default-schema-values
>
> Shouldn't the last sentence rather say the following:
>
> s/The net result being that what is verified will not be what was
> signed./The net result being that what is verified will not be what was
> signed and cause the signature to break./
>
> Further as I mentioned before this Section deserves a note as follows,
> which does not necessarily have to reference SC14n:
>
> Note: Schema Centric Canonicalization (SC14n) has been proposed to
> canonicalize XML with respect to an XML Schema (default values,
> namespace prefix desensitization, namespace attribute normalization,
> data-type canonicalization, data-type canonicalization). Besides the
> UDDI context however, ScC14n seems to be only used in MPEG-21. Otherwise
> - to our knowledge - it has hardly been used, nor yet as of 2008 been
> implemented by major vendors of XMLDSIG implementations [X].
>
> BR
> Konrad
>
> [X] http://tinyurl.com/MT-Konrad-Lanz-OASIS-DSS#nameddest=subsection.2.5.4
>
> btw. Is there a reference somewhere in the minutes that indicates why
> http://www.w3.org/2008/xmlsec/track/issues/75 is closed?
>
> Opened: 2008-11-18
> Closed: 2008-12-17
>
> Could neither find in:
> http://www.w3.org/2008/12/02-xmlsec-minutes
> http://www.w3.org/2008/12/09-xmlsec-minutes
> http://www.w3.org/2008/12/16-xmlsec-minutes
>
>
Received on Wednesday, 25 February 2009 11:49:45 GMT
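
An added example (not part of the original thread or of the Best Practices draft) of the failure the section under discussion warns about: a signer digests the document as written, a schema-validating verifier sees attributes filled in from schema defaults, and the digests no longer agree. `SCHEMA_DEFAULTS`, the sample documents and the function names are constructed stand-ins for a real XSD and validating parser, and a SHA-256 over the canonical form stands in for the XMLDSIG reference digest.

```python
import hashlib
import xml.etree.ElementTree as ET

# Hypothetical stand-in for an XSD that declares currency with default="USD"
# on <payment>. A real verifier would get this from schema validation.
SCHEMA_DEFAULTS = {"payment": {"currency": "USD"}}

# Constructed sample documents.
IMPLICIT = '<order><payment amount="100"/></order>'                 # relies on the default
EXPLICIT = '<order><payment amount="100" currency="USD"/></order>'  # value written out


def parse(xml_text, schema_aware):
    """Parse; when schema_aware, add defaulted attributes as a validating parser would."""
    root = ET.fromstring(xml_text)
    if schema_aware:
        for elem in root.iter():
            for name, value in SCHEMA_DEFAULTS.get(elem.tag, {}).items():
                if name not in elem.attrib:
                    elem.set(name, value)
    return root


def digest(root):
    """SHA-256 over the canonical form (standard-library C14N 2.0)."""
    c14n = ET.canonicalize(ET.tostring(root, encoding="unicode"))
    return hashlib.sha256(c14n.encode("utf-8")).hexdigest()


def digests_match(xml_text, signer_schema_aware, verifier_schema_aware):
    """Compare the digest computed at signing time with the one computed at verification."""
    signed = digest(parse(xml_text, signer_schema_aware))
    verified = digest(parse(xml_text, verifier_schema_aware))
    return signed == verified


if __name__ == "__main__":
    # Signer without schema, verifier with schema: what is verified is not what was signed.
    print("implicit default:", digests_match(IMPLICIT, False, True))
    # Writing the value explicitly removes the dependence on schema processing.
    print("explicit value:  ", digests_match(EXPLICIT, False, True))
```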
