OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [wss] Issue 399: Proposed Security Consideration Text

"DeMartini, Thomas" <Thomas.DeMartini@CONTENTGUARD.COM> wrote on 
06/20/2005 04:51:31 PM:
> 
> Another wording I think captures it also is:
> 1. References using XPath transforms with Absolute Path expressions and
> checking by the receiver that the URI and Absolute Path XPath expression
> evaluate to the digested nodeset.

I think the second part is implied by the first - but this text is 
otherwise fine with me.

> 
> If you're not happy with either of the above rewordings, I'm open to
> other suggestions that better capture the discussed alternative.  I just
> think the wording in the proposal for alternative #1 doesn't have enough
> details to understand the alternative.
> 
> &Thomas.
> 
> ] -----Original Message-----
> ] From: Michael McIntosh [mailto:mikemci@us.ibm.com]
> ] Sent: Monday, June 20, 2005 1:27 PM
> ] To: DeMartini, Thomas
> ] Cc: Duane Nickull; wss@lists.oasis-open.org
> ] Subject: RE: [wss] Issue 399: Proposed Security Consideration Text
> ] 
> ] "DeMartini, Thomas" <Thomas.DeMartini@CONTENTGUARD.COM> wrote on
> ] 06/20/2005 02:42:34 PM:
> ] 
> ] > Mike, my four bullets were just trying to guess at what you meant.
> ] > Given what you say below, let me try to test my understanding again.
> ] > Would the following statement be consistent with what you mean?
> ] >
> ] > References using XPath transforms with Absolute Path expressions and
> ] > validation of those expressions by receivers including
> ] > * checking that the URI for that reference resolves to the enclosing
> ] > document (initial context node),
> ] > * checking that the Absolute Path XPath expression evaluates from
> ] > the initial context node to the digested nodeset.
> ] 
> ] Now I THINK I understand your position. You are talking about policy
> ] enforcement.
> ] In that context I think your concept of "validation" translates to:
> ] * checking that the resulting nodeset is allowed or required to be
> signed.
> ] 
> ] I think this policy check needs to be performed by all receivers
> ] regardless of whether they use XPath expressions or not.
> 
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  You may a link to this group and all your TCs in 
OASIS
> at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]