W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > April to June 2001

AW: AW: signature portability / C14N / inherited namespaces

From: Gregor Karlinger <gregor.karlinger@iaik.at>
Date: Mon, 28 May 2001 08:04:21 +0200
To: "merlin" <merlin@baltimore.ie>
Cc: <w3c-ietf-xmldsig@w3.org>
Message-ID: <LBEPJAONIMDADHFHAEAOAEAPCGAA.gregor.karlinger@iaik.at>

> >  I have not thought a lot about the consequences of the following idea,
> >  but anyway: Should we add an additional rule both to the processing
> >  rules for signature generation and validation, that the SignedInfo
> >  element should be isolated from its context prior to computing
> >  the canonicalized representation?
> Unfortunately we can't isolate SignedInfo. An XPath/XSLT Transform
> can legitimately rely on inherited namespaces. I have a queued
> followup to my earlier question on this topic, I just need to
> finish it.

You are right, in the current specification the XPath transform can
inherit the namespaces from the ancestors of the Transform element.

But, already in the current situation, it is possible to add additional
namespace declarations to the XPath parameter element.

If we now state that all namespaces that should be in scope for
the XPath expression must explicitely declared as namespace attributes
of the XPath parameter element, then we can isolate SignedInfo.

Liebe Gruesse/Regards, 
DI Gregor Karlinger
Phone +43 316 873 5541
Institute for Applied Information Processing and Communications
Received on Monday, 28 May 2001 02:03:42 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:10:05 UTC