- From: Scott Cantor <cantor.2@osu.edu>
- Date: Tue, 22 Jul 2008 12:13:20 -0400
- To: <public-xmlsec@w3.org>
(The tracker form didn't work for me, so I'm using email.) Title: Enabling signature verification without schema validation Description: We should study and provide solutions and/or guidelines for people that need to sign and verify documents without relying on schema validation. This includes addressing "ID" attributes (not everything uses or will use xml:id), default attributes, the effects of schema normalization, and so forth. Justification: Pretty well-known...people don't use schema validation in many runtime scenarios, which makes ID attributes an application-specific issue, creating layering violations. Other things like default attributes and schema normalization cause verification failures if the sender and the receiver differ in whether they validate and how. Proposal: Various suggestions about some of these issues came up during the workshop, including ideas like supplying a kind of "mini-DTD" within the Signature that could inform the signature processor of ID attributes, defaults, and the like. Some kind of general "processing instruction" approach might make sense to accommodate an extensible set of issues. -- Scott
Received on Tuesday, 22 July 2008 16:13:57 UTC