W3C home > Mailing lists > Public > public-xmlsec@w3.org > June 2010

ISSUE-207: Update wording of best practice in 2.2.2 since empty result could be intentional, e.g. sign element even if missing. text to modify "In this case there is XPath transform, which evaluates to zero or false for every node, so it ends up selecting nothing. So even though the signature seems to sign the Approval, it actually doesn't. The application should reject this document."

From: XML Security Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Tue, 29 Jun 2010 14:46:04 +0000
To: public-xmlsec@w3.org
Message-Id: <E1OTc4a-00031j-9d@otto.w3.org>

ISSUE-207: Update wording of best practice in 2.2.2 since empty result could be intentional, e.g. sign element even if missing. text to modify "In this case there is XPath transform, which evaluates to zero or false for every node, so it ends up selecting nothing. So even though the signature seems to sign the Approval, it actually doesn't. The application should reject this document."

http://www.w3.org/2008/xmlsec/track/issues/207

Raised by: 
On product: 
Received on Tuesday, 29 June 2010 14:46:05 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 29 June 2010 14:46:10 GMT