Posted to commits@santuario.apache.org by "Marc Giger (JIRA)" <ji...@apache.org> on 2012/09/09 21:41:07 UTC

[jira] [Assigned] (SANTUARIO-327) Add a secure validation switch for streaming signature processing

     [ https://issues.apache.org/jira/browse/SANTUARIO-327?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Marc Giger reassigned SANTUARIO-327:
------------------------------------

    Assignee: Marc Giger  (was: Colm O hEigeartaigh)
    
> Add a secure validation switch for streaming signature processing
> -----------------------------------------------------------------
>
>                 Key: SANTUARIO-327
>                 URL: https://issues.apache.org/jira/browse/SANTUARIO-327
>             Project: Santuario
>          Issue Type: Improvement
>          Components: Java
>            Reporter: Colm O hEigeartaigh
>            Assignee: Marc Giger
>             Fix For: Java 2.0.0
>
>
> This task is to add a secure validation switch for streaming signature processing. This property is false by default. When set to true, it enforces the following processing rules (possibly each should be separately configurable):
>    a) Limits the number of Transforms per Reference to a maximum of 5.
>    b) Limits the number of references per Manifest (SignedInfo) to a maximum of 30.
>    c) MD5 is not allowed as a SignatureAlgorithm or DigestAlgorithm.
>    d) Do not allow local or remote references
>    e) Enforce maximum depth of the XML
>    f) Guarantee that the dereferenced element is unique...is this already enforced?

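Rules (a) to (f) from the issue description, sketched as a structural pre-check over an XML Signature document. This is an added example in Python, not Santuario's code or API; the depth limit of 100, the ID attribute names, and reading rule (d) as "only same-document #id URIs are accepted" are assumptions, and the sample input is constructed.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
ID_ATTRS = ("Id", "ID", "id")  # assumption: attribute names treated as IDs

def tree_depth(root):
    """Iterative nesting depth, so deep input cannot exhaust recursion."""
    deepest, stack = 0, [(root, 1)]
    while stack:
        node, d = stack.pop()
        deepest = max(deepest, d)
        stack.extend((child, d + 1) for child in node)
    return deepest

def violations(xml_text, max_transforms=5, max_references=30, max_depth=100):
    """Return the rule letters (a-f from the issue) that the document breaks."""
    root = ET.fromstring(xml_text)
    found = set()
    if tree_depth(root) > max_depth:  # e; the limit of 100 is an assumed value
        found.add("e")
    ids = [e.get(a) for e in root.iter() for a in ID_ATTRS if e.get(a)]
    for signed_info in root.iter(DS + "SignedInfo"):
        refs = signed_info.findall(DS + "Reference")
        if len(refs) > max_references:
            found.add("b")
        methods = [signed_info.find(DS + "SignatureMethod")]
        methods += [r.find(DS + "DigestMethod") for r in refs]
        if any(m is not None and "md5" in m.get("Algorithm", "").lower() for m in methods):
            found.add("c")
        for ref in refs:
            if len(ref.findall(f"{DS}Transforms/{DS}Transform")) > max_transforms:
                found.add("a")
            uri = ref.get("URI", "")
            if uri and not uri.startswith("#"):
                found.add("d")  # assumed reading: only same-document URIs pass
            elif uri.startswith("#") and ids.count(uri[1:]) != 1:
                found.add("f")  # target ID missing or duplicated
    return sorted(found)

def sample(transforms=1, digest="http://www.w3.org/2001/04/xmlenc#sha256",
           uri="#b1", extra=""):
    """Constructed SignedInfo skeleton (no real signature value)."""
    t = '<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>' * transforms
    return (f'<doc xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><body Id="b1"/>{extra}'
            f'<ds:Signature><ds:SignedInfo><ds:SignatureMethod '
            f'Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>'
            f'<ds:Reference URI="{uri}"><ds:Transforms>{t}</ds:Transforms>'
            f'<ds:DigestMethod Algorithm="{digest}"/></ds:Reference>'
            f'</ds:SignedInfo></ds:Signature></doc>')
```

The check is structural only: it runs before any digest or signature computation and does not verify the signature itself.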