XML Signature Best Practices First Public Draft published from Frederick Hirsch on 2008-11-17 (public-xmlsec@w3.org from November 2008)

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Mon, 17 Nov 2008 15:08:00 -0500
To: XMLSec WG Public List <public-xmlsec@w3.org>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>
Message-Id: <3997D097-AC52-45CC-9390-B0C45FB61BC2@nokia.com>

The XML Signature Best Practices First Public Draft has been  
published. Below is the notice from the W3C home page.
Thanks to everyone in the WG for this accomplishment, and thanks to  
Thomas Roessler and the W3C team for publishing the draft.
regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

W3C Publishes XML Signature Best Practices First Public Draft
2008-11-14: The XML Security Working Group has published the First  
Public Working Draft of XML Signature Best Practices. The XML  
Signature specification offers powerful and flexible mechanisms to  
support a variety of use cases. This flexibility has the downside of  
increasing the number of possible attacks. One countermeasure to the  
increased number of threats is to follow best practices, including a  
simplification of the use of XML Signature where possible. This  
document outlines best practices noted by the XML Security  
Specifications Maintenance Working Group, the XML Security Working  
Group, and other ideas cited at the Workshop on Next Steps for XML  
Security. While most of these best practices are related to improving  
security and mitigating attacks, yet others are for best practices in  
the practical use of XML Signature, such as signing XML that doesn't  
use namespaces. Learn more about the Security Activity. (Permalink)

Received on Monday, 17 November 2008 20:08:47 UTC