[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Issue 399: Proposed Security Consideration Text
Here is my proposal for the Security Consideration section: Note that XML Signatures using Shorthand XPointer References protect against the removal and modification of XML elements. XML Signatures using Shorthand XPointer References do not protect the location of the element within the XML Document. In the general case of XML Documents and Signatures, this issue may be resolved by signing the entire XML Document and/or strict XML Schema specification and enforcement. SOAP encourages a relatively lax Schema (especially with respect to Header blocks), and an Intermediary processing model where elements may be added and removed along the Message Path. Therefore, signing the entire SOAP Envelope and strict XML Schema enforcement are not desirable solutions. Alternatives include (but are not limited to): Strict policy specification and enforcement regarding what parts of messages MUST/MAY to be signed, References using Absolute Path XPath expressions.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]