•Address wrapping attacks
•Simplify/modify/profile transform processing
•SHA-1
•Mitigate denial of service and other attacks
–Limit XSLT, Transforms, Timeouts/limits, Resource resolution (References vs. KeyInfo), Operation order
–Relying party gets Reference material as it was signed
–SignedInfo canonicalization issues (comments)
•Other practices
–Pre-normalize entities before signing?
•Document Best Practices/Security Considerations
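
One way a verifier can apply the limits listed above before it runs any transform or dereferences any Reference URI, as an added example that is not part of the original slides. The function name, the numeric limits, the rule that only same-document URIs are accepted, and the choice to reject SHA-1 outright are assumptions of this sketch; the caller is assumed to have already capped the input size.

```python
import xml.etree.ElementTree as ET
DS = "{http://www.w3.org/2000/09/xmldsig#}"
XSLT = "http://www.w3.org/TR/1999/REC-xslt-19991116"
SHA1_ALGS = {"http://www.w3.org/2000/09/xmldsig#" + s
             for s in ("sha1", "rsa-sha1", "dsa-sha1", "hmac-sha1")}
MAX_REFERENCES = 5   # assumed limits, tune per deployment profile
MAX_TRANSFORMS = 2

def policy_violations(signature_xml):
    """Return policy findings for a ds:Signature, checked before any
    transform is run or any Reference URI is dereferenced."""
    sig = ET.fromstring(signature_xml)
    info = sig.find(DS + "SignedInfo")
    if info is None:
        return ["missing SignedInfo"]
    found = []
    c14n = info.find(DS + "CanonicalizationMethod")
    if c14n is not None and c14n.get("Algorithm", "").endswith("#WithComments"):
        found.append("SignedInfo canonicalization keeps comments")
    sm = info.find(DS + "SignatureMethod")
    if sm is not None and sm.get("Algorithm") in SHA1_ALGS:
        found.append("SHA-1 signature method")
    refs = info.findall(DS + "Reference")
    if len(refs) > MAX_REFERENCES:
        found.append("too many References")
    for i, ref in enumerate(refs):
        uri = ref.get("URI", "")
        if uri and not uri.startswith("#"):   # only same-document references
            found.append(f"Reference {i}: external URI")
        transforms = ref.findall(f"{DS}Transforms/{DS}Transform")
        if len(transforms) > MAX_TRANSFORMS:
            found.append(f"Reference {i}: too many transforms")
        if any(t.get("Algorithm") == XSLT for t in transforms):
            found.append(f"Reference {i}: XSLT transform")
        dm = ref.find(DS + "DigestMethod")
        if dm is not None and dm.get("Algorithm") in SHA1_ALGS:
            found.append(f"Reference {i}: SHA-1 digest")
    return found

# Constructed sample signature (not from the slides) that trips four checks.
SAMPLE = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="http://example.com/doc.xml"><Transforms>
<Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"/></Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>AAAA</DigestValue></Reference></SignedInfo></Signature>"""
if __name__ == "__main__":
    print("\n".join(policy_violations(SAMPLE)))
```

A signature that returns an empty list still has to pass cryptographic verification; the check only decides whether processing may start.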