[xmlsec] Encryption and namespace

Aleksey Sanin aleksey at aleksey.com
Tue Mar 23 08:15:27 PST 2004

>   It seems to me that the solution from a DSig point of view is an extension
> of the XML parsing rules, that should be looked at from a standard perspective
> (Aleksey, could you carry this on the W3C/IETF Working Group ?)... 
This is not XML DSig but XML Encryption spec. The spec says

    The decryptor SHOULD support the ability to replace the
    EncryptedData element with the decrypted 'element' or element
    'content' represented by the UTF-8 encoded characters. The
    decryptor is NOT REQUIRED to perform validation on the result of
    this replacement operation.

I think the spec is correct. It does not say *how* to replace the
element or content. The xmlsec implementation tries to do it without
serializing the whole tree and parsing it back but this might not be
possible. I still need to take a look at the option "parse in the
context". For example, if I can register known to me namespaces in the
parser context then this would solve the problem.


More information about the xmlsec mailing list