Re: Best Practices process from Konrad Lanz on 2008-04-28 (public-xmlsec-maintwg@w3.org from April 2008)

From: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>
Date: Mon, 28 Apr 2008 17:33:13 +0200
To: Sean Mullan <Sean.Mullan@Sun.COM>
CC: Frederick Hirsch <frederick.hirsch@nokia.com>, XMLSec XMLSec <public-xmlsec-maintwg@w3.org>
Message-ID: <4815EE39.10506@iaik.tugraz.at>

Hi Sean,

Yes, we can link this to DSS ... we had experienced and discussed the
issues there as well ...

http://lists.oasis-open.org/archives/dss/200504/msg00048.html

Konrad

Sean Mullan schrieb:
> I think it might be useful to have a best practice on signing "legacy 
> XML", or XML without namespace information. If you create an enveloping 
> signature over XML without namespace information, it may inherit the XML 
> Signature namespace of the Object element, which is not the intended 
> behavior. There are two potential workarounds that I have been advising 
> users to workaround this :
>
> 1) Insert an xmlns="" namespace definition in the legacy XML. However, 
> this is not always practical.
>
> 2) Insulate it from the XML Signature namespace by defining a namespace 
> prefix on the XML Signature (ex: "ds").
>
> I would be curious as to whether others have had similar issues and what 
> solution they recommend. The 2nd point above is probably a good practice 
> in general.
>
> Also, a nit on the best practices doc:
>
> - section 2.1 typo: s/expecially/especially
>
> --Sean
>
> Frederick Hirsch wrote:
>   
>> What I propose we do as a WG to progress the Best Practices draft is the 
>> following:
>>
>> 1. WG members please review the current Editors Draft [1], which 
>> reflects some suggestions on the last teleconference.
>>
>> 2. WG members propose text to be added or changed in the current Editors 
>> draft , by sending an email to the public WG mail list (please include 
>> [BestPractices] in email Subject line)
>>
>> 3. WG discuss and agree to changes.
>>
>> What I would like to accomplish on our next call is to get to a baseline 
>> draft that the WG agrees reflects WG consensus. To do this WG members 
>> must review the current draft, make concrete proposals for changes and 
>> additions on the email list in advance of the meeting, agree as a WG to 
>> those changes and then review and agree that a subsequent draft reflects 
>> those changes.
>>
>> Please indicate any suggestions or concerns with this process to the 
>> public list, please review the draft, and please send proposals to the 
>> list in advance of 6 May.
>>
>> If there is any WG member who wishes to join as an editor please let 
>> Thomas and myself know so we can discuss.
>>
>> Thanks
>>
>> regards, Frederick
>>
>> Frederick Hirsch, Nokia
>> Chair, OASIS Strategy Committee
>>
>> [1] http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/
>>
>>
>>     
>
>
>   


-- 
Konrad Lanz, IAIK/SIC - Graz University of Technology
Inffeldgasse 16a, 8010 Graz, Austria
Tel: +43 316 873 5547
Fax: +43 316 873 5520
https://www.iaik.tugraz.at/aboutus/people/lanz
http://jce.iaik.tugraz.at

Certificate chain (including the EuroPKI root certificate):
https://europki.iaik.at/ca/europki-at/cert_download.htm

Received on Monday, 28 April 2008 15:34:08 UTC