W3C home > Mailing lists > Public > public-xmlsec@w3.org > January 2009

Proposed text for Action Item 122: draft best practice around xpath filter 2

From: Sean Mullan <Sean.Mullan@Sun.COM>
Date: Mon, 26 Jan 2009 14:21:25 -0500
To: Sean.Mullan@Sun.COM, XMLSec W3C <public-xmlsec@w3.org>
Message-id: <497E0D35.4090103@sun.com>

Best Practice X: Prefer the XPath Filter 2 Transform to the XPath Filter 
Transform

Applications should prefer the <a 
href="http://www.w3.org/TR/xmldsig-filter2/">XPath Filter 2 
Transform</a> to the <a 
href="http://www.w3.org/TR/xmldsig-core/#sec-XPath">XPath Filter 
Transform</a> when generating XML Signatures. The XPath Filter 2 
Transform was designed to improve the performance issues associated with 
the XPath Filter Transform and allow signing operations to be expressed 
more clearly and efficiently, as well as helping to mitigate the denial 
of service attacks discussed in section 2.1.2. See 
http://www.w3.org/TR/xmldsig-filter2/#sec-Intro for more information.

--Sean
Received on Monday, 26 January 2009 19:22:17 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:57 GMT