[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss] Namespace inheritance, other approach
> The namespace prefixes > from <NamespaceContext> are passed to the Exclusive Canonicalization > algorithm as an "InclusiveNamespacesPrefixList". Then just call it I...N..P..List? > (Note: I have trouble understanding the Canonical XML specs. I hope > others with more expertise can review this). Let me try. Ignoring the details that don't matter (e.g., rules about when to add newlines in comment nodes that appear before the root, etc), here is the difference. c14n "imports" all declared namespaces into the toplevel node of what you're canonicalizing. This means that if someone takes a some signed XML and puts it into a SOAP message, the signature will break (because the SOAP namespace, which has to appear in the outer element now gets imported into the message within the SOAP body). exc-c14n says "do not import any namespaces unless (and until) they are visibly used, such as the qname of an element or attribute." Except, that you might have a qname as content (attribute value of element content), so you can declare some namespaces as "used" and therefore import them into your document, even if you can't tell that they are used. Hope this helps. /r$ -- Rich Salz Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]