OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [wss] Issue 399: Proposed Security Consideration Text

Michael:

I concur with your thinking below which is why I question it initially.  
I see no reason to have pseudo implementation guidelines.  The intent of 
the original comment perhaps belongs in a best practices or 
implementation profile white paper.

+1

Duane Nickull

Michael McIntosh wrote:

>
>Nothing other than currently specified functionality is required in order 
>for this to work.
><SNIP>
>There is no doubt that XPath expressions might be generated which evaluate 
>to a nodeset
>other than that which was intended, an empty (or other constant) nodeset 
>for example;
>but the normal checks to verify that what must be signed is signed and 
>what must not be
>signed is not should address that case.
>
>  
>
>>&Thomas.
>>
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]