- From: Pitt, Esmond <pitte@anz.com>
- Date: Mon, 7 Oct 2002 10:18:02 +1000
- To: XML Signature <w3c-ietf-xmldsig@w3.org>
There was a discussion in this list around 1999 on this topic. How was it finally resolved? The schema for a document is logically speaking part of the data that is signed, because it is the source of the default attribute values. However it is not necessarily physically present in the signed document. This leads to an integriy problem: if the schema associated with a message is lost or corrupted, the signature on the document becomes non-verifiable and legal non-repudiation is lost. My question is, what kind of security regimes are people putting around XML schemas associated with signed XML documents in practice? EJP
Received on Sunday, 6 October 2002 20:19:20 UTC