Subject: Re: [dss] Comments on Core WD 01 3 Oct 03
> <DocumentURI RefURI="#doc1">
>   <URI>http://acme.com/document.xml</URI>
> </DocumentURI>
>
> The server uses <URI> to retrieve the document, and uses RefURI to
> construct a <ds:Reference> for the document.

We should say something about the security implications of this. It's all too easy to set things up so that the server fetches, signs, and returns, documents that the client cannot access.

I should have raised this before. We may want to consider that the client can *only* send entire documents.

	/r$

-- 
Rich Salz, Chief Security Architect
DataPower Technology        http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview       http://www.datapower.com/xmldev/xmlsecurity.html
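Added example, not part of the original message or of the DSS draft: a check a signing server could run before dereferencing `<URI>`, so that it does not fetch and sign documents only it can reach. The function names, the `inline_only` switch, the scheme allow-list and the resolver answers are assumptions made for illustration; the un-namespaced element matches the snippet quoted in the message.

```python
import ipaddress
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only web fetches are needed

# Constructed sample input: the element quoted in the message.
SAMPLE = ('<DocumentURI RefURI="#doc1">'
          '<URI>http://acme.com/document.xml</URI></DocumentURI>')


def system_resolver(host):
    """Return every address the host name resolves to (may raise OSError)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def check_document_uri(xml_text, resolver=system_resolver, inline_only=False):
    """Decide whether the server may dereference <URI>. Returns (allowed, reason)."""
    uri = (ET.fromstring(xml_text).findtext("URI") or "").strip()
    if not uri:
        return True, "no URI to fetch"
    if inline_only:
        # Stricter option raised in the message: clients send whole documents only.
        return False, "server-side fetch disabled"
    parts = urlsplit(uri)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return False, "scheme or host not allowed"
    try:
        addresses = resolver(parts.hostname)
    except OSError:
        return False, "host does not resolve"
    if not addresses:
        return False, "host does not resolve"
    for addr in sorted(addresses):
        if not ipaddress.ip_address(addr).is_global:
            # Loopback, RFC 1918, link-local: reachable by the server, not the client.
            return False, f"{parts.hostname} resolves to non-public address {addr}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed resolver results, so the demonstration runs offline.
    for answer in ({"93.184.216.34"}, {"10.0.0.5"}):
        print(check_document_uri(SAMPLE, resolver=lambda host, a=answer: a))
```

A real fetcher would also have to connect to the address that was checked and repeat the check on every redirect, since the name can resolve differently between check and fetch.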