- From: Scott Cantor <cantor.2@osu.edu>
- Date: Mon, 30 Mar 2009 16:00:33 -0400
- To: "'Pratik Datta'" <pratik.datta@oracle.com>, "'Frederick Hirsch'" <frederick.hirsch@nokia.com>
- Cc: "'Thomas Roessler'" <tlr@w3.org>, "'XMLSec WG Public List'" <public-xmlsec@w3.org>
Pratik Datta wrote on 2009-03-30: > E.g. consider a signed SAML assertion. The declaration for the saml > namespace may be in the <saml:Assertion> itself, or in the > <wsse:Security> ancestor element. Also the wsse:Security element may > include other namespace declaration that are not used inside the SAML > assertion. The saml assertion should be movable from one message to > another without breaking the signature. > > So we need to support all the namespace complexity with Exclusive C14N, > Exclusive C14N with InclusivePrefixList and Inclusive. Just curious, is there any actual use case for Inclusive once you've been forced to support Exclusive? Separate question...is there an optimization possible if one were to require that the input tree (or trees) was already carrying the right set of namespace declarations (and none that shouldn't be there)? -- Scott
Received on Monday, 30 March 2009 20:01:35 UTC