ISSUE-73: XML Schema defaults

XML Schema defaults

State:
CLOSED
Product:
XML Signature Best Practices
Raised by:
Frederick Hirsch
Opened on:
2008-11-13
Description:
see http://www.ietf.org/mail-archive/web/keyprov/current/msg00531.html

There is a cool feature in XML Schemas that allows you to specify default values.
The not so cool side-effect is that signatures tend to break when you use this feature.

Why?

When you generate XML you usually do not use a schema, you just write.
The signature generation part do not know the schema either which means that defaults are not
emitted (well, that was I guess the whole point with defaults anyway).

When you parse XML under the control of a schema you get the defaults filled in. If you verify
signatures on the DOM tree that may be the result of the read operation it will fail.

That is, if you want to keep defaults you should probably add a paragraph telling the "signer" to
always fill in the right ("canonicalized") data and not depend on the defaults otherwise the
"verifier" will be in trouble.

Other reference:
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2005OctDec/0017.html

Anders

_______________________________________________
KEYPROV mailing list
KEYPROV at ietf.org
https://www.ietf.org/mailman/listinfo/keyprov



Related Actions Items:
No related actions
Related emails:
  1. Proposed addition to Signature Properties editors draft (from frederick.hirsch@nokia.com on 2010-01-15)
  2. ISSUE-73: XML Schema defaults [Best Practices for XML Signature] (from sysbot+tracker@w3.org on 2008-11-13)

Related notes:

2008-12-17: Closed as text has been added to Best Practices document./Magnus

Magnus Nyström, 17 Dec 2008, 15:53:06

Resolved with addition of following to best practices:

http://www.w3.org/TR/xmldsig-bestpractices/#avoid-default-schema-values

Frederick Hirsch, 14 Aug 2009, 20:27:33

Display change log ATOM feed


Chair, Staff Contact
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 73.html,v 1.1 2017/01/10 16:24:54 carine Exp $