Subject: XSLT Transform Warning for XMLDsig, conformance profile wording, first attempt.

XMLDsig allows arbitrary XSLT Transformations when constructing the plaintext over which a signature or reference is created. Conforming applications that allow use of XSLT transformations when verifying either signatures or references are encouraged to maintain lists of “safe” transformations for a given partner, service, action and role combination. Static analysis of XSLT expressions with a human user audit is encouraged for trusting a given expression as “safe”.

==

I think this captures the intent of our “warning” that is to be included in conformance profiles.

Conformance profiles that support both ebMS versions 2 and 3 probably also need a comment noting that the ebMS XSLT transform in version 2 is currently thought to be “safe”.
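
One way a verifier could enforce the per-partner, service, action and role list of "safe" transformations proposed in the message above, as an added example that is not part of the original post. The function names, the context tuple, the allowlist layout and the choice of a SHA-256 fingerprint are all assumptions made for illustration.

```python
import hashlib
import io
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
XSLT_ALG = "http://www.w3.org/TR/1999/REC-xslt-19991116"  # XMLDSig XSLT transform URI

# Constructed sample: one Reference carrying an inline XSLT transform.
SAMPLE = b"""<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>
<ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:p="urn:example:a">
<xsl:template match="p:order"><xsl:copy-of select="."/></xsl:template></xsl:stylesheet>
</ds:Transform></ds:Transforms></ds:Reference></ds:SignedInfo></ds:Signature>"""

def _feed(h, el, scope_of):
    # Preorder walk. The child count keeps nesting unambiguous, and scope_of
    # records prefix bindings that only XPath strings inside attributes rely on.
    h.update(repr((el.tag, sorted(el.attrib.items()), scope_of[el],
                   el.text or "", el.tail or "", len(el))).encode())
    for child in el:
        _feed(h, child, scope_of)

def xslt_fingerprints(signature_xml: bytes) -> list:
    """Return one SHA-256 hex digest per XSLT stylesheet found in a ds:Transform."""
    scope, scope_of, found = [], {}, []
    events = ("start-ns", "end-ns", "start", "end")
    for event, item in ET.iterparse(io.BytesIO(signature_xml), events):
        if event == "start-ns":
            scope.append(item)              # (prefix, uri) now in scope
        elif event == "end-ns":
            scope.pop()
        elif event == "start":
            scope_of[item] = sorted(dict(scope).items())
        elif item.tag == DS + "Transform" and item.get("Algorithm") == XSLT_ALG:
            h = hashlib.sha256()
            for child in item:
                _feed(h, child, scope_of)
            found.append(h.hexdigest())
    return found

def xslt_transforms_allowed(signature_xml: bytes, context: tuple, allowlist: dict) -> bool:
    """context is (partner, service, action, role); unknown contexts are denied."""
    approved = allowlist.get(context, set())
    return all(fp in approved for fp in xslt_fingerprints(signature_xml))
```

The check is meant to run before any transform is executed, so an unlisted stylesheet is never evaluated. The fingerprint is an exact match (whitespace and in-scope namespace bindings included), and a deployment would parse untrusted input with a hardened parser such as defusedxml.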