- From: Thomas Roessler <tlr@w3.org>
- Date: Tue, 16 Sep 2008 15:17:37 +0200
- To: public-xmlsec@w3.org
I'd propose we use the following test as Status of the Document for the Best Practices Note (note that 90% of this is boilerplate): Status of This Document This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/TR/. This is a First Public Working Draft of "XML Signature Best Practices." -- non boilerplate starts This document is expected to be further updated based on both Working Group input and public comments. The Working Group anticipates to eventually publish a stabilized version of this document as a W3C Working Group Note. -- non boilerplate ends This document was developed by the XML Security Working Group. Please send comments about this document to public-xmlsec-comments@w3.org (with public archive). Publication as a Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress. This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. The group does not expect this document to become a W3C Recommendation. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy. Abstract This document collects best practices for implementors and users of the XML Signature specification. Most of these best practices are related to improving security and mitigating attacks, yet others are for best practices in the practical use of XML Signature, such as signing XML that doesn't use namespaces, for example. Cheers, -- Thomas Roessler, W3C <tlr@w3.org>
Received on Tuesday, 16 September 2008 13:18:12 UTC