Proposed SOTD and Abstract for Best Practices from Thomas Roessler on 2008-09-16 (public-xmlsec@w3.org from September 2008)

From: Thomas Roessler <tlr@w3.org>
Date: Tue, 16 Sep 2008 15:17:37 +0200
To: public-xmlsec@w3.org
Message-ID: <20080916131737.GA1555@iCoaster.does-not-exist.org>

I'd propose we use the following test as Status of the Document for
the Best Practices Note (note that 90% of this is boilerplate):

Status of This Document

	This section describes the status of this document at the
	time of its publication. Other documents may supersede this
	document. A list of current W3C publications and the latest
	revision of this technical report can be found in the W3C
	technical reports index at http://www.w3.org/TR/.

	This is a First Public Working Draft of "XML Signature Best
	Practices."

-- non boilerplate starts

	This document is expected to be further updated based on
	both Working Group input and public comments.  The Working
	Group anticipates to eventually publish a stabilized version
	of this document as a W3C Working Group Note.

-- non boilerplate ends

	This document was developed by the XML Security Working Group.

	Please send comments about this document to
	public-xmlsec-comments@w3.org (with public archive).

	Publication as a Working Draft does not imply endorsement by
	the W3C Membership. This is a draft document and may be
	updated, replaced or obsoleted by other documents at any
	time. It is inappropriate to cite this document as other
	than work in progress. This document was produced by a group
	operating under the 5 February 2004 W3C Patent Policy. The
	group does not expect this document to become a W3C
	Recommendation. W3C maintains a public list of any patent
	disclosures made in connection with the deliverables of the
	group; that page also includes instructions for disclosing a
	patent. An individual who has actual knowledge of a patent
	which the individual believes contains Essential Claim(s)
	must disclose the information in accordance with section 6
	of the W3C Patent Policy. 

Abstract

	This document collects best practices for implementors and
	users of the XML Signature specification.  Most of these
	best practices are related to improving security and
	mitigating attacks, yet others are for best practices in the
	practical use of XML Signature, such as signing XML that
	doesn't use namespaces, for example.
	
Cheers,
-- 
Thomas Roessler, W3C  <tlr@w3.org>

Received on Tuesday, 16 September 2008 13:18:12 UTC