[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [wss] Issue 399: Proposed Security Consideration Text
Michael: I concur with your thinking below which is why I question it initially. I see no reason to have pseudo implementation guidelines. The intent of the original comment perhaps belongs in a best practices or implementation profile white paper. +1 Duane Nickull Michael McIntosh wrote: > >Nothing other than currently specified functionality is required in order >for this to work. ><SNIP> >There is no doubt that XPath expressions might be generated which evaluate >to a nodeset >other than that which was intended, an empty (or other constant) nodeset >for example; >but the normal checks to verify that what must be signed is signed and >what must not be >signed is not should address that case. > > > >>&Thomas. >> >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]