[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss] Namespace inheritance, other approach
> The namespace prefixes
> from <NamespaceContext> are passed to the Exclusive Canonicalization
> algorithm as an "InclusiveNamespacesPrefixList".
Then just call it I...N..P..List?
> (Note: I have trouble understanding the Canonical XML specs. I hope
> others with more expertise can review this).
Let me try. Ignoring the details that don't matter (e.g., rules
about when to add newlines in comment nodes that appear before the
root, etc), here is the difference.
c14n "imports" all declared namespaces into the toplevel node of
what you're canonicalizing. This means that if someone takes a some
signed XML and puts it into a SOAP message, the signature will break
(because the SOAP namespace, which has to appear in the outer element
now gets imported into the message within the SOAP body).
exc-c14n says "do not import any namespaces unless (and until) they
are visibly used, such as the qname of an element or attribute."
Except, that you might have a qname as content (attribute value of
element content), so you can declare some namespaces as "used"
and therefore import them into your document, even if you
can't tell that they are used.
Hope this helps.
/r$
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]