- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Fri, 29 Jul 2011 14:36:01 -0400
- To: XMLSec WG Public List <public-xmlsec@w3.org>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, Marcos Caceres <marcos.caceres@wacapps.net>
This is a Call for Consensus to publish an update to the XML Signature Best Practices document, using the latest editors draft at http://www.w3.org/2008/xmlsec/Drafts/best-practices/Overview.html The last publication was 31 August 2010. Changes since then include 1. Addition of section 2.1.4 with best practice "Avoid using the "descendant", "descendant-or-self", "following-sibling", and "following" axes when using streaming XPaths." and example: "XPath selection that causes denial of service in streaming mode" 2. Addition of summary of Best Practices section (section 3) 3. Update references 4. Internal updates to use new ReSpec standard mechanisms, some internal (not visible) cleanup. I suggest we get this published so that the published version reflects our latest stable version, as it has been a year since the last publication. Also, when we share an update to XML Signature 1.1 that references the Best Practices we should be sure it references the latest. I suggest we publish on 9 August unless we hear any concern before 2 August (this coming Tuesday). Please indicate support or concern on the public list. Silence will be assumed to be consent, but clear support for publication is preferred. Thanks regards, Frederick Frederick Hirsch, Nokia Chair XML Security WG
Received on Friday, 29 July 2011 19:52:10 UTC