ISSUE-62: Clarify best practice related to order of schema validation and xml security processing for 2nd Edition
schema validation
Clarify best practice related to order of schema validation and xml security processing for 2nd Edition
- State:
- CLOSED
- Product:
- XML Signature Best Practices
- Raised by:
- Frederick Hirsch
- Opened on:
- 2008-10-08
- Description:
- XML Schema validation can cause DOM to be updated to have validated value, this results in changes that can impact the output of canonicalization. Thus order matters, since do not have schema aware canonicalization.
Issues may also arise when signature or encrypted elements added, with intermediary processing encryption can not always be undone.
Provide best practice information related to this issue.
incorporates
Requirement to validate xml before application processing, signature processing, thus need to read entire document before processing, thus not true streaming
http://www.w3.org/2008/xmlsec/track/issues/22
Schema not validating when enveloped signature added and not included in original doc schema
http://www.w3.org/2008/xmlsec/track/issues/33
Requirement to enable signatures on documents that do not anticipate signatures in the schema
http://www.w3.org/2008/xmlsec/track/issues/44
Effects of schema normalization on signature verification
http://www.w3.org/2008/xmlsec/track/issues/51
- Related Actions Items:
- No related actions
- Related emails:
- Draft minutes for Jul 28 (from cantor.2@osu.edu on 2009-07-28)
- Agenda: F2F meeting 2009-01-13/14 (v3) (from frederick.hirsch@nokia.com on 2009-01-12)
- Agenda: F2F meeting 2009-01-13/14 (v2) (from frederick.hirsch@nokia.com on 2009-01-06)
- ISSUE-62 (schema validation): Clarify best practice related to order of schema validation and xml security processing for 2nd Edition [Best Practices for XML Signature] (from sysbot+tracker@w3.org on 2008-10-08)
Related notes:
No additional notes.
Display change log
