- From: Aleksey Sanin <aleksey@aleksey.com>
- Date: Fri, 31 May 2002 10:40:46 -0700
- To: merlin <merlin@baltimore.ie>
- Cc: w3c-ietf-xmldsig@w3.org
- Message-ID: <3CF7B59E.9010408@aleksey.com>
Merlin,
Thanks for your explanation. I agree with you that your result
seems correct. However, the C14N spec has following example:
Section 3.3 (http://www.w3.org/TR/xml-c14n#Example-SETags)
<e6 xmlns="" xmlns:a="http://www.w3.org">
<e7 xmlns="http://www.ietf.org">
<e8 xmlns="" xmlns:a="http://www.w3.org">
<e9 xmlns="" xmlns:a="http://www.ietf.org"/>
</e8>
</e7>
</e6>
is canonicalized to
<e6 xmlns:a="http://www.w3.org">
<e7 xmlns="http://www.ietf.org">
<e8 xmlns="">
<e9 xmlns:a="http://www.ietf.org" attr="default"></e9>
</e8>
</e7>
</e6>
Can you explain why there is no xmlns:a="http://www.w3.org" declaration
in <e8>, please?
Thanks,
Aleksey
merlin wrote:
>This is *NOT* the same node set as the result of just
>ancestor-or-self::bar:Something; it is the following
>(showing the namespace axis explicitly, and omitted
>nodes in []):
> [foo:Root ... ]
> <bar:Something xmlns:bar="http://example.org/bar"
> [xmlns:baz="http://example.org/baz"]
> [xmlns:foo="http://example.org/foo"]
> [xmlns="http://example.org/"]>
> <foo:Something [xmlns:bar="http://example.org/bar"]
> [xmlns:baz="http://example.org/baz"]
> xmlns:foo="http://example.org/foo"
> [xmlns="http://example.org/"]>
> <bar:Something xmlns:bar="http://example.org/bar"
> [xmlns:baz="http://example.org/baz"]
> [xmlns:foo="http://example.org/foo"]
> [xmlns="http://example.org/"]>
> <foo:Something [xmlns:bar="http://example.org/bar"]
> [xmlns:baz="http://example.org/baz"]
> xmlns:foo="http://example.org/foo"
> [xmlns="http://example.org/"]>
> <baz:Something [xmlns:bar="http://example.org/bar"]
> xmlns:baz="http://example.org/baz"
> [xmlns:foo="http://example.org/foo"]
> [xmlns="http://example.org/"] />
> </foo:Something>
> </bar:Something>
> </foo:Something>
> </bar:Something>
> [Signature ... /]
> [/foo:Root]
>
>Now, according to the XPath spec (which you quote in your
>next mail), a namespace node is only suppressed if
>the nearest ancestor element of its parent element that is
>in the node set has a namespace node in the node set with
>the same local-name and value. For the namespace nodes
>of the second bar:Something and foo:Something elements,
>this condition is not met; although those matching
>namespace nodes do exist, they are not *in the node set*.
>Hence my c14n. Now I will grant that this is not a normal
>case, and that I may be in error, however I don't think so.
>
>Merlin
>
>
>
>>With best regards,
>>
>>Aleksey Sanin
>>XML Security Library <http://www.aleksey.com/xmlsec>.
>>
>>
>>
>>merlin wrote:
>>
>>
>>
>>>Hi,
>>>
>>>Attached is a signature with 9 XPath-transformed examples
>>>run through c14, exc-c14n and exc-c14n with an inclusive
>>>namespace prefix list. The XPath transforms variously
>>>manipulate the namespace axis to demonstrate c14n behaviour
>>>in different situations. For example:
>>>
>>><foo:Root xmlns:bar="http://example.org/bar"
>>> xmlns:baz="http://example.org/baz"
>>> xmlns:foo="http://example.org/foo"
>>> xmlns="http://example.org/"
>>> xml:lang="en-ie">
>>> <bar:Something>
>>> <foo:Something>
>>> <bar:Something>
>>> <foo:Something>
>>> <baz:Something />
>>> </foo:Something>
>>> </bar:Something>
>>> </foo:Something>
>>> </bar:Something>
>>> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" ... />
>>></foo:Root
>>>
>>>The following XPath selects the bar:Something subtree, but
>>>only includes namespace nodes that are directly used by their
>>>parent element.
>>>
>>> ancestor-or-self::bar:Something and
>>> (self::text() or
>>> (namespace-uri() != "") or
>>> (string(self::node()) = namespace-uri(parent::node())))
>>>
>>>I believe that the canonical form is then:
>>>
>>><bar:Something xmlns:bar="http://example.org/bar" xml:lang="en-ie">
>>> <foo:Something xmlns:foo="http://example.org/foo">
>>> <bar:Something xmlns:bar="http://example.org/bar">
>>> <foo:Something xmlns:foo="http://example.org/foo">
>>> <baz:Something xmlns:baz="http://example.org/baz"></baz:Somethin
>>>
>>>
>>g>
>>
>>
>>> </foo:Something>
>>> </bar:Something>
>>> </foo:Something>
>>> </bar:Something>
>>>
>>>And I believe that the exclusive canonical form is:
>>>
>>><bar:Something xmlns:bar="http://example.org/bar">
>>> <foo:Something xmlns:foo="http://example.org/foo">
>>> <bar:Something>
>>> <foo:Something>
>>> <baz:Something xmlns:baz="http://example.org/baz"></baz:Somethin
>>>
>>>
>>g>
>>
>>
>>> </foo:Something>
>>> </bar:Something>
>>> </foo:Something>
>>> </bar:Something>
>>>
>>>Merlin
>>>
>>>
>>>
>>>
>>
>>
>
>
>-----------------------------------------------------------------------------
>The information contained in this message is confidential and is intended
>for the addressee(s) only. If you have received this message in error or
>there are any problems please notify the originator immediately. The
>unauthorised use, disclosure, copying or alteration of this message is
>strictly forbidden. Baltimore Technologies plc will not be liable for
>direct, special, indirect or consequential damages arising from alteration
>of the contents of this message by a third party or as a result of any
>virus being passed on.
>
>This footnote confirms that this email message has been swept for Content
>Security threats, including computer viruses.
>http://www.baltimore.com
>
>
Received on Friday, 31 May 2002 13:39:53 UTC