- From: Gregor Karlinger <gregor.karlinger@iaik.at>
- Date: Mon, 28 May 2001 08:04:21 +0200
- To: "merlin" <merlin@baltimore.ie>
- Cc: <w3c-ietf-xmldsig@w3.org>
Merlin, <Gregor> > > I have not thought a lot about the consequences of the following idea, > > but anyway: Should we add an additional rule both to the processing > > rules for signature generation and validation, that the SignedInfo > > element should be isolated from its context prior to computing > > the canonicalized representation? </Gregor> <Merlin> > Unfortunately we can't isolate SignedInfo. An XPath/XSLT Transform > can legitimately rely on inherited namespaces. I have a queued > followup to my earlier question on this topic, I just need to > finish it. </Merlin> <Gregor> You are right, in the current specification the XPath transform can inherit the namespaces from the ancestors of the Transform element. But, already in the current situation, it is possible to add additional namespace declarations to the XPath parameter element. If we now state that all namespaces that should be in scope for the XPath expression must explicitely declared as namespace attributes of the XPath parameter element, then we can isolate SignedInfo. </Gregor> Liebe Gruesse/Regards, --------------------------------------------------------------- DI Gregor Karlinger mailto:gregor.karlinger@iaik.at http://www.iaik.at Phone +43 316 873 5541 Institute for Applied Information Processing and Communications Austria ---------------------------------------------------------------
Received on Monday, 28 May 2001 02:03:42 UTC