- From: Gregor Karlinger <gregor.karlinger@iaik.at>
- Date: Thu, 31 May 2001 09:21:24 +0200
- To: "merlin" <merlin@baltimore.ie>, "Gregor Karlinger" <gregor.karlinger@iaik.at>
- Cc: <w3c-ietf-xmldsig@w3.org>
Received on Thursday, 31 May 2001 03:22:21 UTC
Merlin, > Hi Gregor, > > r/gregor.karlinger@iaik.at/2001.05.24/14:08:19 > > I have not thought a lot about the consequences of the following idea, > > but anyway: Should we add an additional rule both to the processing > > rules for signature generation and validation, that the SignedInfo > > element should be isolated from its context prior to computing > > the canonicalized representation? > > Unfortunately we can't isolate SignedInfo. An XPath/XSLT Transform > can legitimately rely on inherited namespaces. I have a queued > followup to my earlier question on this topic, I just need to > finish it. > > Merlin Yes, some transforms could rely on inherited namespaces. But if we change the processing model slightly, we can cope with this problem: Simply state that all namespaces that are used in a transform MUST be declared in the Transform element. Liebe Gruesse/Regards, --------------------------------------------------------------- DI Gregor Karlinger mailto:gregor.karlinger@iaik.at http://www.iaik.at Phone +43 316 873 5541 Institute for Applied Information Processing and Communications Austria ---------------------------------------------------------------
Received on Thursday, 31 May 2001 03:22:21 UTC