santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Werner Dittmann <>
Subject Re: Undeclared namespace prefix
Date Sat, 04 Oct 2008 07:40:33 GMT
Raul Benito schrieb:
> I was talkinb about the use of them alone and then need to be c14n by
> itself. Anyway I see the point, and I think is one of the sane ones to be
> use outside of the signature. But please in order to not repeat it can you
> send me the junit test case. It will be make the change faster, and it also
> will allowed us not do the same mistake again.

Sure - I need to extract a "pure" xmlsec unit test out out the overall WSS4J
unit test.

Just another thought in this context:
The XML Signature specification (and the many other XML specifications in
general) do not restrict usage of all the XML elements they define. Usually
there is no definition of "this is an internal element" or "this is an external
element" (xmlsec implements elements as objects).

For example KeyInfo is used in XML Signature as well as in XML Encryption
specifications. Other elements specified in XML Signature may be re-used
elsewhere (see to the large set of OASIS Web Service specifications :-)  ).

In my understanding an implementation of XML Security specification (such as
xmlsec) shall expect that _every_ element could be used in some other context,
even stand-alone. There is no reason why an application shall not be able to
re-use for example a "Reference" element, or a "X509Data" element as a
stand-alone element if the application's XML structure requires this. And of
course an application shall be able to use xmlsec in this case - because it
exists, is tested, and implements these elements.

There is also no such definition as "a sane use outside as signature" - any
application decides on its own what is "sane" or "insane" with respect to the
XML structures it uses.

As a summary: there is *no reason* (and in large parts it's counter-productive)
to single out elements that are defined in the specifications and make them
usable in one specific context only.


> On Fri, Oct 3, 2008 at 5:15 PM, Werner Dittmann <
>> wrote:
>> Raul Benito schrieb:
>>> Hello,
>>> I think I made the change so I will try to defend it, first of all the use
>>> of KeyInfo out of a Signature it is not a use case I was looking to.
>> Raul,
>> KeyInfo as such (as an XML element) is not used inside Signature only. If
>> you
>> have a look into the OASIS WSS specification you will see that KeyInfo is
>> used everywhere (nearly everywhere) a key is used, thus also to store
>> information
>> and references to encryption keys and so on. And these are exactly the test
>> cases
>> that break when we use KeyInfo to implement OASIS WSS.
>> Regards,
>> Werner
>> So
>>> perhaps we break it as we don't look at it. And sadly the old api is full
>>> of
>>> internal objects that can be use external. And I see KeyInfo like that.
>>> So in order to fix, can you write a test case that fails and submit a bug,
>>> I
>>> will update the code in SVN head.
>>> Thanks,
>>> Raul

View raw message