- From: Scott Cantor <cantor.2@osu.edu>
- Date: Fri, 23 Jan 2009 22:26:20 -0500
- To: "'XMLSec WG Public List'" <public-xmlsec@w3.org>

(I *think* this was an action against the Best Practices doc.)

There's already a BP 2.6 on default values, and this is somewhat in the same vein, so I'd suggest inserting this below that and bumping the next one.

----

2.7 Be aware of XML Schema Normalization

Best Practice 19: Avoid destructive schema validation operations before verifying signatures.

Applications relying on validation should either consider verifying signatures before schema validation, or select implementations that can avoid destructive DOM changes while validating.

Part of the validation process defined by XML Schema includes the "normalization" of lexical values in a document into a "schema normalized value" that allows schema type validation to occur against a predictable form. Some implementations of validating parsers, particularly early ones, often modified DOM information "in place" when performing this process. Unless the signer also performed a similar validation process on the input document, verification is likely to fail. Newer validating parsers generally include an option to disable type normalization, or take steps to avoid modifying the DOM, usually by storing normalized values internally alongside the original data.

Verifiers should be aware of the effects of their chosen parser and adjust the order of operations or parser options accordingly. Signers might also choose to operate on the normalized form of an XML instance when possible.

----

-- Scott

Received on Saturday, 24 January 2009 03:27:01 UTC
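
The order-of-operations point in the proposed text above, as an added example that is not part of the original message. A SHA-256 over the standard library's C14N 2.0 output stands in for a signature Reference digest, and `COLLAPSE_TYPED`, `normalize_in_place` and the sample document are constructed for illustration; no real schema validator is invoked.

```python
import copy
import hashlib
import re
import xml.etree.ElementTree as ET

# Constructed sample: the <id> value carries the whitespace the signer serialized.
SIGNED_DOC = "<order><id>  A-1001 \n</id><note>keep  spacing</note></order>"

# Assumption: stand-in for schema type information. Elements listed here have a
# simple type with whiteSpace="collapse" (e.g. xs:token).
COLLAPSE_TYPED = {"id"}

def digest(root):
    """SHA-256 over the canonical form, standing in for a Reference digest."""
    c14n = ET.canonicalize(ET.tostring(root, encoding="unicode"))
    return hashlib.sha256(c14n.encode("utf-8")).hexdigest()

def normalize_in_place(root):
    """Simulate a validator that overwrites text with the schema normalized value."""
    for el in root.iter():
        if el.tag in COLLAPSE_TYPED and el.text is not None:
            el.text = re.sub(r"[ \t\r\n]+", " ", el.text).strip(" ")

def validate_then_verify(xml_text, signed_digest):
    """Destructive order: the tree is normalized before the digest is checked."""
    root = ET.fromstring(xml_text)
    normalize_in_place(root)
    return digest(root) == signed_digest

def verify_then_validate(xml_text, signed_digest):
    """Safe order: check the digest on the parsed tree, normalize only a copy."""
    root = ET.fromstring(xml_text)
    verified = digest(root) == signed_digest
    typed_view = copy.deepcopy(root)
    normalize_in_place(typed_view)
    return verified, typed_view.findtext("id"), root.findtext("id")

# Digest as the signer would have computed it over the un-normalized document.
SIGNER_DIGEST = digest(ET.fromstring(SIGNED_DOC))

if __name__ == "__main__":
    print("validate, then verify:", validate_then_verify(SIGNED_DOC, SIGNER_DIGEST))
    print("verify, then validate:", verify_then_validate(SIGNED_DOC, SIGNER_DIGEST))
```

Keeping the normalized values in a copy mirrors the newer parsers described above, which store normalized values alongside the original data.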