- From: <Frederick.Hirsch@nokia.com>
- Date: Tue, 21 Sep 2010 15:51:47 +0200
- To: <Meiko.Jensen@ruhr-uni-bochum.de>
- CC: <Frederick.Hirsch@nokia.com>, <public-xmlsec@w3.org>
[moving discussion to public list] Meiko Thanks for the excellent paper on namespaces and XML Signature. I was thinking there might be another mitigation approach that gets the benefits of prefix-free XPath expressions without introducing massive user-errors, of which you note many possibilities. What if we define SigXPath which requires pre-processing of an XPath expression to replace prefix:local in the XPath expression with /*[local-name() = "local" and namespace-uri() = "prefix"] thus obtaining the prefix-free expression as XPath input, but making it a toolkit issue, not an end-user issue? Might be a pragmatic approach toward mitigating the risk without requiring user-change... Maybe this should be part of the XPath "profile" definition? regards, Frederick Frederick Hirsch Nokia On Sep 14, 2010, at 11:52 AM, ext Meiko Jensen wrote: > As requested, here is the paper corresponding to Action-538 > > cheers > > Meiko > > -- > Dipl.-Inf. Meiko Jensen > Chair for Network and Data Security > Horst Görtz Institute for IT-Security > Ruhr University Bochum, Germany > _____________________________ > Universitätsstr. 150, Geb. ID 2/411 > D-44801 Bochum, Germany > Phone: +49 (0) 234 / 32-26796 > Telefax: +49 (0) 234 / 32-14347 > http:// www.nds.rub.de > > > <sws01-jensen.pdf>
Received on Tuesday, 21 September 2010 13:52:37 UTC