W3C home > Mailing lists > Public > public-wsawg-security-tf@w3.org > June 2003

RE: Interesting thread to harvest about schema validation, digita ?l signature, etc.

From: Abbie Barbir <abbieb@nortelnetworks.com>
Date: Thu, 26 Jun 2003 15:54:30 -0400
Message-ID: <87609AFB433BD5118D5E0002A52CD754062E7AB9@zcard0k6.ca.nortel.com>
To: Hugo Haas <hugo@w3.org>, public-wsawg-security-tf@w3.org
Cc: Michael Champion <Mike.Champion@SoftwareAG-USA.com>, Dave Hollander <dmh@contivo.com>
i will look into it

> -----Original Message-----
> From: Hugo Haas [mailto:hugo@w3.org] 
> Sent: Thursday, June 26, 2003 12:07 PM
> To: public-wsawg-security-tf@w3.org
> Cc: Michael Champion; Dave Hollander
> Subject: Interesting thread to harvest about schema 
> validation, digital signature, etc.
> Hi Abbie and all.
> [ Mike and Dave, I am sending this to the security task force in order
>   not to distract the WG from concepts and relationships, but am happy
>   to resend it to www-ws-arch if you think it's best. ]
> While going through old emails in my www-ws-arch folder, I 
> found an interesting thread to harvest that isn't covered by 
> the current security framework:

There are, I think, several thing to point out in here:
- the meaning of signing a message.
- the dangers on relying on external processing (e.g. schema
  validation when the schema isn't attached to the message).
- maybe other things that I have missed.

It seems that the first point could go in the section about signature, and
the second one about a good practice or threats section.




Hugo Haas - W3C
mailto:hugo@w3.org - http://www.w3.org/People/Hugo/
Received on Thursday, 26 June 2003 15:54:42 UTC

This archive was generated by hypermail 2.4.0 : Friday, 25 March 2022 10:09:56 UTC