ISSUE-62: Clarify best practice related to order of schema validation and xml security processing for 2nd Edition

schema validation

State: CLOSED
Product: XML Signature Best Practices
Raised by: Frederick Hirsch
Opened on: 2008-10-08
Description:
XML Schema validation can cause the DOM to be updated to have validated values; this results in changes that can impact the output of canonicalization. Thus order matters, since we do not have schema-aware canonicalization.

Issues may also arise when signature or encrypted elements are added; with intermediary processing, encryption cannot always be undone.

Provide best practice information related to this issue.

incorporates

Requirement to validate xml before application processing, signature processing, thus need to read entire document before processing, thus not true streaming
http://www.w3.org/2008/xmlsec/track/issues/22

Schema not validating when enveloped signature added and not included in original doc schema
http://www.w3.org/2008/xmlsec/track/issues/33

Requirement to enable signatures on documents that do not anticipate signatures in the schema
http://www.w3.org/2008/xmlsec/track/issues/44

Effects of schema normalization on signature verification
http://www.w3.org/2008/xmlsec/track/issues/51
Related Action Items:
No related actions
Related emails:
  1. Draft minutes for Jul 28 (from cantor.2@osu.edu on 2009-07-28)
  2. Agenda: F2F meeting 2009-01-13/14 (v3) (from frederick.hirsch@nokia.com on 2009-01-12)
  3. Agenda: F2F meeting 2009-01-13/14 (v2) (from frederick.hirsch@nokia.com on 2009-01-06)
  4. ISSUE-62 (schema validation): Clarify best practice related to order of schema validation and xml security processing for 2nd Edition [Best Practices for XML Signature] (from sysbot+tracker@w3.org on 2008-10-08)

Related notes:

No additional notes.
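
The description's point that schema validation can change what canonicalization outputs, shown as an added example (not part of the issue or of any W3C code). The schema effects are simulated with a hypothetical defaults table rather than a real XSD validator, the sample document is constructed, and the standard library's C14N 2.0 stands in for whichever canonicalization the signature uses.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample: the signer omitted the defaulted "currency" attribute
# and left padding inside a token-typed element.
SIGNED_XML = '<order id="42"><amount>  100 </amount><note>rush</note></order>'

# Hypothetical stand-in for what a schema declares (not a real XSD API).
DEFAULT_ATTRS = {"amount": {"currency": "USD"}}  # attribute defaults per element
TOKEN_ELEMENTS = {"amount"}                      # xs:token-like: whitespace collapsed

def c14n_digest(root):
    """SHA-256 over the canonical form of the tree as it currently stands."""
    canonical = ET.canonicalize(ET.tostring(root, encoding="unicode"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def simulate_schema_validation(root):
    """Mutate the tree as a validating parser may: add defaults, normalize values."""
    for el in root.iter():
        for name, value in DEFAULT_ATTRS.get(el.tag, {}).items():
            el.attrib.setdefault(name, value)
        if el.tag in TOKEN_ELEMENTS and el.text:
            el.text = " ".join(el.text.split())
    return root

def verify_then_validate(xml_text, signed_digest):
    root = ET.fromstring(xml_text)
    ok = c14n_digest(root) == signed_digest   # digest over the tree as signed
    simulate_schema_validation(root)          # application then sees validated values
    return ok

def validate_then_verify(xml_text, signed_digest):
    root = simulate_schema_validation(ET.fromstring(xml_text))
    return c14n_digest(root) == signed_digest  # digest over the augmented tree

# What the signer computed over the document before any schema processing.
SIGNED_DIGEST = c14n_digest(ET.fromstring(SIGNED_XML))

if __name__ == "__main__":
    print("verify, then validate:", verify_then_validate(SIGNED_XML, SIGNED_DIGEST))
    print("validate, then verify:", validate_then_verify(SIGNED_XML, SIGNED_DIGEST))
```
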

$Id: 62.html,v 1.1 2017/01/10 16:24:53 carine Exp $