[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss] Proposed text on C14N
I don't know that much about xml and maybe I'm being naive, but why should we require canonicalization that adds any xmlns attributes to the XML being signed? If for application purposes the xml being signed needs to be self contained then it should be the applications responsibility to ensure that happens and for SecurityTokens or other parts of the WS-Security header that are being signed we can could require that as well. At 12:04 PM 8/28/2003, Frederick.Hirsch@nokia.com wrote: >Merlin > >Thanks I think you expressed it well. I think I meant the same as you with >my original wording - that inclusive is safer from a security point if >you can use it. > >In your last paragraph you raise an interesting point - is it unique to >SOAP signing? >Aren't ids also an issue if I put a pure XML Digital Signature signed >document fragment into another document? I guess most use cases involving >XML context change are around messaging. > >regards, Frederick > >Frederick Hirsch >Nokia Mobile Phones > > >To unsubscribe from this mailing list (and be removed from the roster of >the OASIS TC), go to >http://www.oasis-open.org/apps/org/workgroup/wss/members/leave_workgroup.php.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]