ACTION-173: Best practice on schema normalization

From: Scott Cantor <cantor.2@osu.edu>
Date: Fri, 23 Jan 2009 22:26:20 -0500
To: "'XMLSec WG Public List'" <public-xmlsec@w3.org>
Message-ID: <052d01c97dd3$872d8a90$95889fb0$@2@osu.edu>

(I *think* this was an action against the Best Practices doc.)

There's already a BP 2.6 on default values, and this is somewhat in the same
vein, so I'd suggest inserting this below that and bumping the next one.

----
2.7 Be aware of XML Schema Normalization

Best Practice 19: Avoid destructive schema validation operations before
verifying signatures.

	Applications relying on validation should either consider verifying
	signatures before schema validation, or select implementations that
	can avoid destructive DOM changes while validating.

Part of the validation process defined by XML Schema includes the
"normalization" of lexical values in a document into a "schema normalized
value" that allows schema type validation to occur against a predictable
form.

Some implementations of validating parsers, particularly early ones, often
modified DOM information "in place" when performing this process. Unless the
signer also performed a similar validation process on the input document,
verification is likely to fail. Newer validating parsers generally include
an option to disable type normalization, or take steps to avoid modifying
the DOM, usually by storing normalized values internally alongside the
original data.

Verifiers should be aware of the effects of their chosen parser and adjust
the order of operations or parser options accordingly. Signers might also
choose to operate on the normalized form of an XML instance when possible.

----

-- Scott
Received on Saturday, 24 January 2009 03:27:01 GMT
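
The failure mode described in the message above, shown as an added example that is not part of the original post or of the Best Practices document. It assumes a constructed document, a hypothetical `COLLAPSE_TYPES` set standing in for real schema type information, and a SHA-256 over the C14N 2.0 form as a simplified stand-in for a `ds:Reference` digest.

```python
import copy
import hashlib
import re
import xml.etree.ElementTree as ET

# Constructed sample: <amount> is assumed to be typed xs:decimal (whiteSpace=collapse).
SIGNED_DOC = "<order><id>A-17</id><amount>  42.50\n</amount></order>"
# Hypothetical stand-in for schema type info: elements whose type collapses whitespace.
COLLAPSE_TYPES = {"amount"}


def digest(root):
    """SHA-256 over the canonical form, standing in for a ds:Reference digest."""
    canonical = ET.canonicalize(ET.tostring(root, encoding="unicode"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def validate_in_place(root):
    """Mimics an early validating parser: writes schema normalized values into the tree."""
    for el in root.iter():
        if el.tag in COLLAPSE_TYPES and el.text is not None:
            el.text = re.sub(r"[ \t\r\n]+", " ", el.text.strip(" \t\r\n"))
    return root


def validate_non_destructive(root):
    """Normalizes a private copy, leaving the caller's tree untouched."""
    validate_in_place(copy.deepcopy(root))
    return root


def validate_then_verify(xml_text, signed_digest, validator):
    """Runs the given validator first, then compares digests."""
    root = validator(ET.fromstring(xml_text))
    return digest(root) == signed_digest


def verify_then_validate(xml_text, signed_digest):
    """Order suggested by the best practice: check the digest, then validate."""
    root = ET.fromstring(xml_text)
    ok = digest(root) == signed_digest
    validate_in_place(root)  # destructive changes can no longer affect the result
    return ok


SIGNER_DIGEST = digest(ET.fromstring(SIGNED_DOC))  # signer did not normalize

if __name__ == "__main__":
    print("destructive validation first:", validate_then_verify(SIGNED_DOC, SIGNER_DIGEST, validate_in_place))
    print("non-destructive validation first:", validate_then_verify(SIGNED_DOC, SIGNER_DIGEST, validate_non_destructive))
    print("verify first:", verify_then_validate(SIGNED_DOC, SIGNER_DIGEST))
```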