Re: Namespace Inclusions

Hi Matt,

This was done loooong ago, but dredging the memory on
something I never particularly understood too well...

xmlsig canonicalisation involves namespace expansion
so as not to get confused by inherited/defaulted
namespaces, e.g. if it says "foo:bar" somewhere in
a signed thingy, then the namespace declaration(s!)
for "foo:" could be outside of the range of the signed
stuff, but you still have to expand "foo:" as part of
(some?) c14n algorithms.

I think that all this was saying was that if an xkms
structure contains a ds:Signature then you'd better not
use a "foo:" namespace that collides with something
used in SOAP, or the signature verification c14n stuff
can go awry.

I'm sure others will recall better, but that's my
recollection,

Regards,
Stephen.

Matt Long wrote:

> Section 3.2 (Bindings) [1] states:
> 
> “Insertion of an XKMS message into the SOAP message structure must not 
> alter namespace prefixes, or use of default namespaces, within the XKMS 
> message. Any change in these encodings will likely break an XML 
> Signature internal to the XKMS messages due to the use of QNames and 
> namespace prefixes. The implementer must insure that prefix values used 
> with the SOAP namespaces http://www.w3.org/2003/05/soap-envelope (SOAP 
> 1.2) and http://schemas.xmlsoap.org/soap/envelope/ (SOAP 1.1) do not 
> conflict with prefixes used in the XKMS message.”
> 
>  
> 
>  
> 
> I read this to suggest some form of ‘prefix-collision’, which I do not 
> understand.  Is the intent is to make XKMS prefixes unique vs. soap 
> prefixes, why?  How can a resolved URI of a prefix within the XKMS 
> message created any issue with the soap:Envelope, soap:Body, or soap:Header.
> 
>  
> 
>  
> 
> [1] http://www.w3.org/TR/xkms2-bindings/#XKMS_2_0_Section_3_2
> 
> 
> 
> --
> Matt Long
> MV Squared Technologies
> mlong@mvsquared.net
> 901-848-2640
> 
> 
> 
> ________________________________________________
> Message sent using UebiMiau 2.7.2

Received on Thursday, 19 May 2005 11:47:57 UTC