[xmlsec] Encryption and namespace
veillard at redhat.com
Tue Mar 23 08:36:15 PST 2004
On Tue, Mar 23, 2004 at 08:15:27AM -0800, Aleksey Sanin wrote:
> > It seems to me that the solution from a DSig point of view is an
> > extension
> >of the XML parsing rules, that should be looked at from a standard
> >(Aleksey, could you carry this on the W3C/IETF Working Group ?)...
> This is not XML DSig but XML Encryption spec. The spec says
> The decryptor SHOULD support the ability to replace the
> EncryptedData element with the decrypted 'element' or element
> 'content' represented by the UTF-8 encoded characters. The
> decryptor is NOT REQUIRED to perform validation on the result of
> this replacement operation.
> I think the spec is correct. It does not say *how* to replace the
> element or content.
is the decryptor required to perform "parsing" ?
The problem is that to know that the UTF-8 encoded characters contains
character which are okay for an XML document, in theory parsing is required
and parsing is only defined theorically in a document wide way.
> The xmlsec implementation tries to do it without
> serializing the whole tree and parsing it back but this might not be
> possible. I still need to take a look at the option "parse in the
> context". For example, if I can register known to me namespaces in the
> parser context then this would solve the problem.
That's an implementation issue. Parsing a substring within a node context
could be a useful addition to libxml2 API, I'm not saying it's impossible
but I try to understand the real scope of the problem, in order to get
the right solution. There is more than just in-scope namespaces which are
inherited from a document, like entities ...
Daniel Veillard | Red Hat Network https://rhn.redhat.com/
veillard at redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
More information about the xmlsec