W3C home > Mailing lists > Public > public-xmlsec@w3.org > August 2011

Re: Call for Consensus - publish update to XML Signature Best Practices

From: Marcos Caceres <marcosscaceres@gmail.com>
Date: Mon, 1 Aug 2011 22:21:10 +0200
Message-ID: <CAL1nonLbUhJQsPiBnUL4zgTdpkGZuger_eA4zkSQG1qYAa_UXg@mail.gmail.com>
To: Frederick Hirsch <frederick.hirsch@nokia.com>
Cc: XMLSec WG Public List <public-xmlsec@w3.org>
On Fri, Jul 29, 2011 at 8:36 PM, Frederick Hirsch
<frederick.hirsch@nokia.com> wrote:
> This is a Call for Consensus to publish an update to the XML Signature Best Practices document, using the latest editors draft at
> http://www.w3.org/2008/xmlsec/Drafts/best-practices/Overview.html
> The last publication was 31 August 2010.
> Changes since then include
> 1. Addition of  section 2.1.4 with best practice "Avoid using the "descendant", "descendant-or-self", "following-sibling", and "following" axes when using streaming XPaths." and   example: "XPath selection that causes denial of service in streaming mode"
> 2. Addition  of summary of Best Practices section (section 3)
> 3. Update references
> 4. Internal updates to use new ReSpec standard mechanisms, some internal (not visible) cleanup.
> I suggest we get this published so that the published version reflects our latest stable version, as it has been a year since the last publication. Also, when we share an update to XML Signature 1.1 that references the Best Practices we should be sure it references the latest.
> I suggest we publish on 9 August unless we hear any concern before 2 August (this coming Tuesday).
> Please indicate support or concern on the public list. Silence will be assumed to be consent, but clear support for publication is preferred.

I support publication. Thanks to the XMLSec WG for continuing to work
on this document!

Marcos Caceres
Received on Monday, 1 August 2011 20:21:56 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:55:16 UTC