[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss] Issue 399: Proposed Security Consideration Text
"DeMartini, Thomas" <Thomas.DeMartini@CONTENTGUARD.COM> wrote on 06/20/2005 04:51:31 PM: > > Another wording I think captures it also is: > 1. References using XPath transforms with Absolute Path expressions and > checking by the receiver that the URI and Absolute Path XPath expression > evaluate to the digested nodeset. I think the second part is implied by the first - but this text is otherwise fine with me. > > If you're not happy with either of the above rewordings, I'm open to > other suggestions that better capture the discussed alternative. I just > think the wording in the proposal for alternative #1 doesn't have enough > details to understand the alternative. > > &Thomas. > > ] -----Original Message----- > ] From: Michael McIntosh [mailto:mikemci@us.ibm.com] > ] Sent: Monday, June 20, 2005 1:27 PM > ] To: DeMartini, Thomas > ] Cc: Duane Nickull; wss@lists.oasis-open.org > ] Subject: RE: [wss] Issue 399: Proposed Security Consideration Text > ] > ] "DeMartini, Thomas" <Thomas.DeMartini@CONTENTGUARD.COM> wrote on > ] 06/20/2005 02:42:34 PM: > ] > ] > Mike, my four bullets were just trying to guess at what you meant. > ] > Given what you say below, let me try to test my understanding again. > ] > Would the following statement be consistent with what you mean? > ] > > ] > References using XPath transforms with Absolute Path expressions and > ] > validation of those expressions by receivers including > ] > * checking that the URI for that reference resolves to the enclosing > ] > document (initial context node), > ] > * checking that the Absolute Path XPath expression evaluates from > ] > the initial context node to the digested nodeset. > ] > ] Now I THINK I understand your position. You are talking about policy > ] enforcement. > ] In that context I think your concept of "validation" translates to: > ] * checking that the resulting nodeset is allowed or required to be > signed. > ] > ] I think this policy check needs to be performed by all receivers > ] regardless of whether they use XPath expressions or not. > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. You may a link to this group and all your TCs in OASIS > at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]