

Subject: Re: [dss] RE: Public comment, namespace inheritance


One more Example

Konrad Lanz
Your comment discusses the need for a <dss:XMLSignature>, but I'm afraid I didn't understand that?
First <dss:XMLSignature> is somewhat similar to <dss:XMLData>. However inside <dss:XMLSignature> only
a <ds:Signature> is allowed whereas inside <dss:XMLData> DssXmlPayload is allowed, which is a lot less restrictive.

However <ds:XMLSignature> is also a kind of payload that has to be treated free of ancestry context, as in the
case of an Enveloping or Detached signature, the modification of the Signature element would break the signature.

So if the ds:Signature inherits the xmlns:dss=".....xsd" declaration, it is broken.

Assuming the outer default namespace is the dss namespace, then including xmlns="" to remove the
default namespace context or inheriting xmlns:dss="...." will break the signature.

To avoid that <XMLExampleDocument> would be believed to be in the outer default namespace a redeclaration of
the default namespace to be empty (xmlns="") is required and we also need to get rid of the ancestry namespace
context (i.e. xmlns:dss="...." xmlns:XXX="..." etc.).

Assume an Enveloping Signature that looks like this:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  .....
  <ds:Object Id="object"><XMLExampleDocument>...</XMLExampleDocument></ds:Object>
</ds:Signature>

It would however be broken by something like this:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns="" xmlns:dss="...." xmlns:XXX="...">
  .....
  <ds:Object Id="object"><XMLExampleDocument>...</XMLExampleDocument></ds:Object>
</ds:Signature>

However the following is all right in XML 1.0:
<dss:XMLSignature xmlns="" xmlns:dss="...." xmlns:XXX="...">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  .....
  <ds:Object Id="object"><XMLExampleDocument>...</XMLExampleDocument></ds:Object>
</ds:Signature>
</dss:XMLSignature>

as the ds:Signature Node can be freed from its ancestry context (here xmlns:dss="...." xmlns:XXX="...") by using
DOM's importNode method and importing it into a new document.

In XML 1.1 even any association of the prefix with a namespace name could be removed by empty values.
<dss:XMLSignature xmlns="" xmlns:dss="" xmlns:XXX="">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  .....
  <ds:Object Id="object"><XMLExampleDocument>...</XMLExampleDocument></ds:Object>
</ds:Signature>
</dss:XMLSignature>
and the importNode trick is not required any more.
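
The ancestry effect described in this message, as an added example that is not part of the original post: Python's xml.dom.minidom lists the namespace declarations an inclusive canonicalization pass would see on the signed ds:Object, before and after the importNode step. The urn:example:* namespace names are constructed placeholders for the values the message elides, the helper names are hypothetical, and the digest covers only the rendered namespace declarations, not a full canonical form.

```python
import hashlib
from xml.dom import Node, minidom

DSIG = "http://www.w3.org/2000/09/xmldsig#"
# Constructed sample: the message elides the dss and XXX namespace names
# ("...."), so the urn:example:* values are placeholders, not real names.
WRAPPED = (
    '<dss:XMLSignature xmlns="" xmlns:dss="urn:example:dss" xmlns:XXX="urn:example:xxx">'
    '<ds:Signature xmlns:ds="' + DSIG + '">'
    '<ds:Object Id="object"><XMLExampleDocument>...</XMLExampleDocument></ds:Object>'
    '</ds:Signature></dss:XMLSignature>'
)

def in_scope_namespaces(elem):
    """Namespace declarations visible on elem; the nearest declaration wins."""
    scope = {}
    node = elem
    while node is not None and node.nodeType == Node.ELEMENT_NODE:
        attrs = node.attributes
        for i in range(attrs.length):
            a = attrs.item(i)
            if a.name == "xmlns" or a.name.startswith("xmlns:"):
                scope.setdefault(a.name[6:], a.value or "")
        node = node.parentNode
    # xmlns="" means "no default namespace": nothing is rendered for it here.
    return {p: u for p, u in scope.items() if u}

def apex_digest(elem):
    """SHA-256 over the namespace declarations that inclusive C14N 1.0 would
    write on elem when elem is the top of the signed node-set (simplified)."""
    decls = "".join(
        ' xmlns%s="%s"' % (":" + p if p else "", u)
        for p, u in sorted(in_scope_namespaces(elem).items())
    )
    return hashlib.sha256(("<%s%s>" % (elem.tagName, decls)).encode()).hexdigest()

def signed_object(doc):
    """The ds:Object that a Reference to "#object" would digest."""
    return doc.getElementsByTagNameNS(DSIG, "Object")[0]

def free_from_ancestry(doc):
    """Import ds:Signature into an empty document (the importNode step)."""
    fresh = minidom.Document()
    sig = doc.getElementsByTagNameNS(DSIG, "Signature")[0]
    fresh.appendChild(fresh.importNode(sig, True))
    return fresh

wrapped_doc = minidom.parseString(WRAPPED)
freed_doc = free_from_ancestry(wrapped_doc)
```
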

