RE: ACTION-22: Review EXI docs that were published

I do not see anything that would be need to changed in the EXI specs.
However, given the nature of those specifications, my read-through does not
constitute an actual security review which, I feel, would require a
relatively indepth hands-on (e.g. playing with EXI toolkits, writing
security code (e.g. code to sign EXI, encrypt portions, explore
EXI-formatted signatures, etc.). 

_____________________________
Ed Simon <edsimon@xmlsec.com>
Principal, XMLsec Inc. 
(613) 726-9645 

Interested in XML, Web Services, or Security? Visit "http://www.xmlsec.com".


New! "Privacy Protection for E-Services" published by Idea Group (ISBN:
1-59140-914-4 for hard cover, 1-59140-915-2 for soft cover). 
Includes a chapter, by Ed Simon, on "Protecting Privacy Using XML, XACML,
and SAML".
See the Table of Contents here: "http://tinyurl.com/rukr4".

-----Original Message-----
From: public-xmlsec-request@w3.org [mailto:public-xmlsec-request@w3.org] On
Behalf Of Thomas Roessler
Sent: September 2, 2008 12:26
To: Ed Simon
Cc: public-xmlsec@w3.org
Subject: Re: ACTION-22: Review EXI docs that were published


On 2008-09-02 12:33:47 -0400, Ed Simon wrote:

> There are certainly technical issues that could be important, but 
> before committing to fully exploring those, we should discuss the 
> validity of the use cases (see 1) to 3) in my prior email) with the 
> EXI WG.

Well, I believe they're getting ever closer to a last call, so if there are
things that we believe need to be changed in their spec, it's about time to
start raising them.

--
Thomas Roessler, W3C  <tlr@w3.org>

Received on Sunday, 7 September 2008 19:12:11 UTC