[xmlsec] namepace and cannoalization methods

Aleksey Sanin aleksey at aleksey.com
Wed Jul 23 08:41:15 PDT 2003


> 1) Is there a difference between the cannonalization algorithm
> http://www.w3.org/TR/2001/REC-xml-c14n-20010315 and
> http://www.w3.org/2001/10/xml-exc-c14n# (which I seem to
> get from XMLSec when specifying c14 without comments)?
> Why the "#" any not an exact number?
>
There are two difference C14N algorithms: XML Canonicalization [1]
(with identifier http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
and Exclusive XML Canonicalization [2] (with identifier
http://www.w3.org/2001/10/xml-exc-c14n#). In the xmlsec, the
first one has transform IDs "xmlSecTransformInclC14NId" and
"xmlSecTransformInclC14NWithCommentsId" [3]. The second
one (exclusive c14n) has transform ids "xmlSecTransformExclC14NId"
and "xmlSecTransformExclC14NWithCommentsId" [4].

Since xmlsec does not add the transform by itself, I guess
that you have specified the wrong canonicalization in signature
template.

> 2) There is still now way of specifying a namespace prefix in XMLSec?
>
Why? These are absolutely equvivalient nodes:
    "<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" />"
and
    "<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />"

But the second one is 6 characters longer. Any XML processor
should accept both and produce same internal DOM tree (I meant
that DOM tree would have same nodes, the content of the nodes
would be slightly different, of course).
Nothing is impossible and one can hack xmlsec to use a user defined
prefix but personaly I have no idea why is it needed. If you would
like to prepare such a patch look for xmlSecDSigNs and xmlSecEncNs.
But I would guess it'll be a very ugly and long patch.

IMO, if someone has problems with processing a valid XML then
it's better to fix the code that has the problem.


With best regards,
Aleksey

[1] http://www.w3.org/TR/2001/REC-xml-c14n-20010315
[2] http://www.w3.org/TR/xml-exc-c14n
[3] 
http://www.aleksey.com/xmlsec/api/xmlsec-transforms.html#XMLSECTRANSFORMINCLC14NID
[4] 
http://www.aleksey.com/xmlsec/api/xmlsec-transforms.html#XMLSECTRANSFORMEXCLC14NID



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20030723/09d8aaa2/attachment.htm


More information about the xmlsec mailing list