[xmlsec] Encryption and namespace
Aleksey Sanin
aleksey at aleksey.com
Tue Mar 23 08:15:27 PST 2004
> It seems to me that the solution from a DSig point of view is an extension
> of the XML parsing rules, that should be looked at from a standard perspective
> (Aleksey, could you carry this on the W3C/IETF Working Group ?)...
This is not XML DSig but XML Encryption spec. The spec says
(http://www.w3.org/TR/xmlenc-core/#sec-Processing-Decryption):
The decryptor SHOULD support the ability to replace the
EncryptedData element with the decrypted 'element' or element
'content' represented by the UTF-8 encoded characters. The
decryptor is NOT REQUIRED to perform validation on the result of
this replacement operation.
I think the spec is correct. It does not say *how* to replace the
element or content. The xmlsec implementation tries to do it without
serializing the whole tree and parsing it back but this might not be
possible. I still need to take a look at the option "parse in the
context". For example, if I can register known to me namespaces in the
parser context then this would solve the problem.
Aleksey
More information about the xmlsec
mailing list