W3C home > Mailing lists > Public > public-xmlsec@w3.org > March 2009

RE: Transform Note Design Decisions

From: Scott Cantor <cantor.2@osu.edu>
Date: Mon, 30 Mar 2009 16:00:33 -0400
To: "'Pratik Datta'" <pratik.datta@oracle.com>, "'Frederick Hirsch'" <frederick.hirsch@nokia.com>
Cc: "'Thomas Roessler'" <tlr@w3.org>, "'XMLSec WG Public List'" <public-xmlsec@w3.org>
Message-ID: <065901c9b172$2f773760$8e65a620$@2@osu.edu>
Pratik Datta wrote on 2009-03-30:
> E.g. consider a signed SAML assertion.   The declaration for the saml
> namespace may be in the <saml:Assertion> itself, or in the
> <wsse:Security> ancestor element. Also the wsse:Security element may
> include other namespace declaration that are not used inside the SAML
> assertion.   The saml assertion should be movable from one message to
> another without breaking the signature.
> 
> So we need to support all the namespace complexity with Exclusive C14N,
> Exclusive C14N with InclusivePrefixList and Inclusive.

Just curious, is there any actual use case for Inclusive once you've been
forced to support Exclusive?

Separate question...is there an optimization possible if one were to require
that the input tree (or trees) was already carrying the right set of
namespace declarations (and none that shouldn't be there)?

-- Scott
Received on Monday, 30 March 2009 20:01:35 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:57 GMT