Appendix A: Data Validation Ideas
The following is a list of ideas for additional data validation that the aggregator might perform in the future. If you have ideas, add them below. Many of the ideas are tied to the type of the data, in anticipation of a framework that allows such type-based validators to be associated with specific data within an item being operated upon.
- Check that String is not empty
- Check that String is not composed solely of whitespace
- Check scheme is 'https'
- Ensure there are no query params
- Ensure URL is reachable (i.e., returns a status code other than 404)
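A sketch of how the type-based association described above could look for the string and URL checks, written in Python as an added example and not the aggregator's own code. The field names, the VALIDATORS registry and the idp.example.org values are hypothetical, and the reachability check is left out because it needs network access.

```python
from urllib.parse import urlsplit

def check_not_empty(value):
    return [] if value != "" else ["string is empty"]

def check_not_blank(value):
    # str.strip() also removes Unicode whitespace such as U+00A0.
    # An empty string is reported by check_not_empty, not here.
    return [] if value == "" or value.strip() else ["string is only whitespace"]

def check_https(value):
    try:
        scheme = urlsplit(value).scheme  # urlsplit lowercases the scheme
    except ValueError:                   # e.g. an unbalanced IPv6 bracket
        return ["URL cannot be parsed"]
    return [] if scheme == "https" else [f"scheme is {scheme!r}, expected 'https'"]

def check_no_query(value):
    # Inspect the raw text before any fragment: a bare trailing "?" parses
    # to an empty query and would pass a check on the parsed query alone.
    return ["URL has a query component"] if "?" in value.split("#", 1)[0] else []

# Hypothetical registry: data type -> ordered list of validators.
VALIDATORS = {
    "string": [check_not_empty, check_not_blank],
    "url": [check_not_empty, check_not_blank, check_https, check_no_query],
}

# Hypothetical mapping of fields within an item to data types.
FIELD_TYPES = {"displayName": "string", "location": "url"}

def validate_item(item, field_types=FIELD_TYPES):
    """Return {field: [errors]} for every field that fails a check."""
    report = {}
    for field, type_name in field_types.items():
        value = item.get(field, "")
        errors = [e for check in VALIDATORS[type_name] for e in check(value)]
        if errors:
            report[field] = errors
    return report

# Constructed sample item: whitespace-only name, URL carrying a query.
SAMPLE_ITEM = {"displayName": " \t\u00a0",
               "location": "HTTPS://idp.example.org/sso?next=/a"}

if __name__ == "__main__":
    for field, errors in validate_item(SAMPLE_ITEM).items():
        print(field, errors)
```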
X.509 Certificate Validation
- Check that key is of certain size
- Check that exponent is of certain size or greater than some value
- Check that the subject DN only contains one, single-valued CN
- Check that subjectAltNames are used
- Check that only certain types of subjectAltNames
- Check that cert is signed by one of a given set of CAs
- Check that the cert has not expired
- If CRL distribution points appear, check to ensure the certificate has not been revoked