Subject: Issue 399: Proposed Security Consideration Text


Here is my proposal for the Security Consideration section:

Note that XML Signatures using Shorthand XPointer References protect 
against the removal and modification of XML elements. XML Signatures using 
Shorthand XPointer References do not protect the location of the element 
within the XML Document. In the general case of XML Documents and 
Signatures, this issue may be resolved by signing the entire XML Document 
and/or strict XML Schema specification and enforcement. SOAP encourages a 
relatively lax Schema (especially with respect to Header blocks), and an 
Intermediary processing model where elements may be added and removed 
along the Message Path. Therefore, signing the entire SOAP Envelope and 
strict XML Schema enforcement are not desirable solutions. Alternatives 
include (but are not limited to):
        Strict policy specification and enforcement regarding what parts
        of messages MUST/MAY be signed,
        References using Absolute Path XPath expressions.
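
The check below is an added example, not part of the original message or of any WSS specification text: it resolves a shorthand reference by `wsu:Id` and then tests whether the referenced element actually sits at `/Envelope/Body`. The policy that the signed element must be the Body, the helper names, and the sample envelopes are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
ID_ATTR = f"{{{WSU}}}Id"


def check_reference(envelope_xml, ref_uri):
    """Return (resolves, in_place) for a '#id' reference.

    resolves: exactly one element in the document carries that wsu:Id,
              which is all a shorthand reference needs to dereference.
    in_place: that element is the single s:Body directly under s:Envelope
              (the assumed policy for this example).
    """
    wanted = ref_uri[1:] if ref_uri.startswith("#") else ref_uri
    root = ET.fromstring(envelope_xml)
    matches = [el for el in root.iter() if el.get(ID_ATTR) == wanted]
    resolves = len(matches) == 1  # duplicate Ids are treated as a failure
    if not resolves or root.tag != f"{{{SOAP}}}Envelope":
        return (resolves, False)
    bodies = root.findall(f"{{{SOAP}}}Body")  # direct children only
    in_place = len(bodies) == 1 and matches[0] is bodies[0]
    return (resolves, in_place)


def envelope(header_inner, body_attrs):
    """Build a constructed sample envelope (not a captured message)."""
    return (f'<s:Envelope xmlns:s="{SOAP}" xmlns:wsu="{WSU}">'
            f"<s:Header>{header_inner}</s:Header>"
            f"<s:Body{body_attrs}><op>transfer</op></s:Body>"
            "</s:Envelope>")


# Constructed sample 1: the Id-bearing element is the real Body.
IN_PLACE = envelope("", ' wsu:Id="body-1"')

# Constructed sample 2: the same Id-bearing element has been moved under a
# header block, and a different, unsigned Body occupies /Envelope/Body.
RELOCATED = envelope(
    '<x:Wrapper xmlns:x="urn:example"><s:Body wsu:Id="body-1">'
    "<op>transfer</op></s:Body></x:Wrapper>", "")

if __name__ == "__main__":
    print(check_reference(IN_PLACE, "#body-1"))
    print(check_reference(RELOCATED, "#body-1"))
```

In the second sample the reference still dereferences to an unmodified element, so only the location test distinguishes the two messages.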

