ISSUE-73: XML Schema defaults
XML Schema defaults
- State:
- CLOSED
- Product:
- XML Signature Best Practices
- Raised by:
- Frederick Hirsch
- Opened on:
- 2008-11-13
- Description:
- see http://www.ietf.org/mail-archive/web/keyprov/current/msg00531.html
There is a cool feature in XML Schemas that allows you to specify default values.
The not so cool side-effect is that signatures tend to break when you use this feature.
Why?
When you generate XML you usually do not use a schema, you just write.
The signature generation part do not know the schema either which means that defaults are not
emitted (well, that was I guess the whole point with defaults anyway).
When you parse XML under the control of a schema you get the defaults filled in. If you verify
signatures on the DOM tree that may be the result of the read operation it will fail.
That is, if you want to keep defaults you should probably add a paragraph telling the "signer" to
always fill in the right ("canonicalized") data and not depend on the defaults otherwise the
"verifier" will be in trouble.
Other reference:
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2005OctDec/0017.html
Anders
_______________________________________________
KEYPROV mailing list
KEYPROV at ietf.org
https://www.ietf.org/mailman/listinfo/keyprov
- Related Actions Items:
- No related actions
- Related emails:
- Proposed addition to Signature Properties editors draft (from frederick.hirsch@nokia.com on 2010-01-15)
- ISSUE-73: XML Schema defaults [Best Practices for XML Signature] (from sysbot+tracker@w3.org on 2008-11-13)
Related notes:
2008-12-17: Closed as text has been added to Best Practices document./Magnus
Magnus Nyström, 17 Dec 2008, 15:53:06Resolved with addition of following to best practices:
http://www.w3.org/TR/xmldsig-bestpractices/#avoid-default-schema-values
Display change log