Subject: Re: [xacml] canonicalization for XACML instances being signed
For what it's worth, I think making signed XACML assertions depend on UDDI's schema canonicalization is a bad idea. For example, I can't recall schema-c14n *ever* being mentioned in the WS-Security group.

> Related question: do we actually need to deal with canonicalized
> XACML schema instances? If the instances are always signed and
> signature-verified in their unparsed text/octetstring form, then
> there is no need for canonicalization.

Or rather, there's no need for C14N that's schema-aware. You can just use the common c14n and exc-c14n mechanisms as may be appropriate. I strongly encourage you to treat it as you describe above.

/r$

--
Rich Salz
Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
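The trade-off discussed in the message above, as an added example that is not part of the original post: a digest over the raw octets breaks when an instance is re-serialized, a schema-unaware canonicalization survives that, and neither treats schema-equivalent lexical forms as equal. Assumptions: the element names and namespace are constructed samples, not the XACML schema, and Python's `xml.etree.ElementTree.canonicalize` (which implements C14N 2.0) stands in for the c14n and exc-c14n mechanisms named in the mail.

```python
import hashlib
from xml.etree.ElementTree import canonicalize  # C14N 2.0, Python 3.8+

# Constructed sample instance (illustrative names, placeholder namespace).
DOC_A = ('<Request xmlns="urn:example:xacml-sample">'
         '<Attribute AttributeId="role" DataType="string">admin</Attribute>'
         '<Flag Value="true"/></Request>')

# Same document after a parse/re-serialize hop: quote style, attribute order,
# whitespace inside a start tag and the empty-element form all differ.
DOC_B = ("<Request xmlns='urn:example:xacml-sample'>"
         "<Attribute DataType='string'  AttributeId='role' >admin</Attribute>"
         "<Flag Value='true'></Flag></Request>")

# Equivalent only to a schema-aware reader: "1" and "true" are the same
# xs:boolean value, but they are different character data.
DOC_C = DOC_A.replace('Value="true"', 'Value="1"')


def digest_octets(doc: str) -> str:
    """Digest over the unparsed octet string, as received."""
    return hashlib.sha256(doc.encode("utf-8")).hexdigest()


def digest_canonical(doc: str) -> str:
    """Digest over the schema-unaware canonical form."""
    return hashlib.sha256(canonicalize(doc).encode("utf-8")).hexdigest()


def compare(x: str, y: str) -> dict:
    """Report whether two instances would verify against the same digest."""
    return {
        "octets_match": digest_octets(x) == digest_octets(y),
        "canonical_match": digest_canonical(x) == digest_canonical(y),
    }


if __name__ == "__main__":
    print("re-serialized copy :", compare(DOC_A, DOC_B))
    print("schema-equivalent  :", compare(DOC_A, DOC_C))
```

If every hop keeps the signed octets untouched, the first digest is sufficient; canonicalization matters only once some party parses and re-emits the instance.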