- From: Rob Lugt <roblugt@elcel.com>
- Date: Wed, 16 May 2001 14:45:05 +0100
- To: "merlin" <merlin@baltimore.ie>, <w3c-ietf-xmldsig@w3.org>
"merlin" <merlin@baltimore.ie> wrote:

> I've been running into some issues with XMLDSIG (specifically, portability
> of signatures) which make it difficult to use in a few situations.
>
> XPath states that an element's namespace axis includes all non-overridden
> namespace declarations from all ancestors. C14N then states that we
> must write these out during canonicalization, whether or not they are
> used. This means, as we know, that signatures cannot be successfully
> moved into documents which have other namespaces in force.
>
> I have an application that generates signed contracts:
>
> <Contract xmlns="&foo;">
>   ...
>   <Signature xmlns="&dsig;">
>     ...
>   </Signature>
> </Contract>
>
> I then ship the contract off for remote processing:
>
> <SOAP-ENV:Envelope
>     xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
>   ...
>   <SOAP-ENV:Body>
>     <Contract>
>       ...
>     </Contract>
>   </SOAP-ENV:Body>
> </SOAP-ENV:Envelope>
>
> The contract signature is now invalid.

I see your point and believe that it needs further research. However, a
solution that would enable you to stay true to the current specification
would be to make use of the default namespace for your SOAP envelope.

For example, your signature would remain valid if you structured your
document like this:-

<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/">
  <Body>
    ...
    <Contract xmlns="&foo;">
      <Signature xmlns="&dsig;">...</Signature>
    </Contract>
  </Body>
</Envelope>

Is this any help?

Regards
Rob Lugt
ElCel Technology
http://www.elcel.com/
Received on Wednesday, 16 May 2001 09:43:19 UTC
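
The namespace inheritance discussed in this message, as an added example that is not part of the original e-mail or of any XMLDSIG implementation: it computes the in-scope namespaces of a signed element and renders the start tag that inclusive C14N would emit for a subset rooted there. The `urn:example:contract` URI stands in for `&foo;`, the `SignedInfo` child and the helper names are assumptions, and attributes and prefixed element names are not handled.

```python
import xml.parsers.expat

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
FOO = "urn:example:contract"  # constructed stand-in for &foo;

# Constructed sample documents modelled on the three layouts in the thread.
CONTRACT = (f'<Contract xmlns="{FOO}"><Signature xmlns="{DSIG}">'
            '<SignedInfo/></Signature></Contract>')
STANDALONE = CONTRACT
PREFIXED = (f'<SOAP-ENV:Envelope xmlns:SOAP-ENV="{SOAP}"><SOAP-ENV:Body>'
            f'{CONTRACT}</SOAP-ENV:Body></SOAP-ENV:Envelope>')
DEFAULTED = f'<Envelope xmlns="{SOAP}"><Body>{CONTRACT}</Body></Envelope>'


def inscope_namespaces(doc, local_name):
    """Return {prefix: uri} in scope at the first element named local_name."""
    stack, found = [{}], []

    def start(qname, attrs):
        scope = dict(stack[-1])          # inherit every ancestor declaration
        for name, value in attrs.items():
            if name == "xmlns":
                scope[""] = value        # overrides an inherited default
            elif name.startswith("xmlns:"):
                scope[name[6:]] = value
        stack.append(scope)
        if not found and qname.split(":")[-1] == local_name:
            found.append({p: u for p, u in scope.items() if u})

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = lambda qname: stack.pop()
    parser.Parse(doc, True)
    if not found:
        raise ValueError(f"no element named {local_name}")
    return found[0]


def apex_start_tag(doc, local_name):
    """Start tag inclusive C14N would write for a subset rooted at the element:
    all in-scope namespaces, default first, then sorted by prefix."""
    ns = inscope_namespaces(doc, local_name)
    decls = "".join(f' xmlns="{u}"' if p == "" else f' xmlns:{p}="{u}"'
                    for p, u in sorted(ns.items()))
    return f"<{local_name}{decls}>"


if __name__ == "__main__":
    for label, doc in (("standalone", STANDALONE), ("prefixed", PREFIXED),
                       ("defaulted", DEFAULTED)):
        print(f"{label:10} {apex_start_tag(doc, 'SignedInfo')}")
```

The prefixed envelope adds `xmlns:SOAP-ENV` to the canonical bytes of `SignedInfo`, so the digest input differs from what was signed; the default-namespace envelope is overridden by the contract's own `xmlns` and leaves the bytes unchanged.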