Return-Path: Delivered-To: apmail-xml-security-dev-archive@www.apache.org Received: (qmail 54513 invoked from network); 30 May 2007 16:18:41 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 30 May 2007 16:18:41 -0000 Received: (qmail 69794 invoked by uid 500); 30 May 2007 16:18:44 -0000 Delivered-To: apmail-xml-security-dev-archive@xml.apache.org Received: (qmail 69773 invoked by uid 500); 30 May 2007 16:18:44 -0000 Mailing-List: contact security-dev-help@xml.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: security-dev@xml.apache.org List-Id: Delivered-To: mailing list security-dev@xml.apache.org Received: (qmail 69761 invoked by uid 99); 30 May 2007 16:18:44 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 30 May 2007 09:18:44 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=UNPARSEABLE_RELAY X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: local policy) Received: from [192.18.98.34] (HELO brmea-mail-3.sun.com) (192.18.98.34) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 30 May 2007 09:18:38 -0700 Received: from fe-amer-06.sun.com ([192.18.108.180]) by brmea-mail-3.sun.com (8.13.6+Sun/8.12.9) with ESMTP id l4UGIHcm027980 for ; Wed, 30 May 2007 16:18:17 GMT Received: from conversion-daemon.mail-amer.sun.com by mail-amer.sun.com (Sun Java System Messaging Server 6.2-6.01 (built Apr 3 2006)) id <0JIV00J013Y19Z00@mail-amer.sun.com> (original mail from Sean.Mullan@Sun.COM) for security-dev@xml.apache.org; Wed, 30 May 2007 10:18:17 -0600 (MDT) Received: from [129.148.174.250] by mail-amer.sun.com (Sun Java System Messaging Server 6.2-6.01 (built Apr 3 2006)) with ESMTPSA id <0JIV00AL13YGWL10@mail-amer.sun.com> for security-dev@xml.apache.org; Wed, 30 May 2007 10:18:17 -0600 (MDT) Date: Wed, 30 May 2007 12:17:42 -0400 From: Sean Mullan Subject: Re: Signature and children - redundant namespace declarations In-reply-to: <465C7438.5060504@georgetown.edu> Sender: Sean.Mullan@Sun.COM To: security-dev@xml.apache.org Message-id: <465DA3A6.6040204@sun.com> MIME-version: 1.0 Content-type: text/plain; format=flowed; charset=ISO-8859-1 Content-transfer-encoding: 7BIT References: <465C7438.5060504@georgetown.edu> User-Agent: Thunderbird 1.5.0.10 (X11/20070303) X-Virus-Checked: Checked by ClamAV on apache.org Brent Putman wrote: > When I generate a signature using XMLSignature, the library is > redundantly adding the signature namespace declaration on every child > element of the ds:Signature element. Is there any way that this > behavior can be avoided or turned off? Am I doing something wrong? I > looked in the docs, I couldn't find any relevant settings, but maybe I > missed something. This should only happen if you have a dependency on XPath, for example you are using an XPath Transform. This is to workaround a problem in Xalan, in which the parent namespace nodes are not visible in the children. See http://nagoya.apache.org/bugzilla/show_bug.cgi?id=2650 --Sean > > It would be ideal if it could be declared only once, on the ds:Signature > object itself. I know it's mostly a cosmetic thing, but one of our > OpenSAML users noticed and inquired about it, so I wanted to see if > there is an easy solution. If not, the only alternative I could think > of was to post-process the DOM and remove the redundant declarations > (before signing, of course). > > Thanks, > Brent