PowerPoint Presentation - Principles and Requirements

Requirements: Security

ĄAddress wrapping attacks

ĄSimplify/modify/profile transform processing

ĄSHA-1

ĄMitigate denial of service and other attacks

–Limit XSLT, Transforms, Timeouts/limits, Resource resolution (References vs. KeyInfo), Operation order

–Relying party get Reference material as has been signed

–SignedInfo canonicalization issues (comments)

ĄOther practices

–Pre-normalize entities before signing?

ĄDocument Best Practices/Security Considerations