W3C Publishes XML Signature Best Practices First Public Draft

The XML Security Working Group has published the First Public Working Draft of XML Signature Best Practices. The XML Signature specification offers powerful and flexible mechanisms to support a variety of use cases. This flexibility has the downside of increasing the number of possible attacks. One countermeasure to the increased number of threats is to follow best practices, including a simplification of the use of XML Signature where possible. This document outlines best practices noted by the XML Security Specifications Maintenance Working Group, the XML Security Working Group, and other ideas cited at the Workshop on Next Steps for XML Security. While most of these best practices are related to improving security and mitigating attacks, yet others are for best practices in the practical use of XML Signature, such as signing XML that doesn't use namespaces. Learn more about the Security Activity.