ws-fx-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christof Soehngen" <Christof.Soehn...@SYRACOM.DE>
Subject Prefix-problems using xpathfilter?
Date Thu, 06 May 2004 14:07:36 GMT
Hello there,
the XML/WS security specs offer the possibility to sign only certain xml elements by applying
a transformation before evaluation the digest. One of those transformations is the xpathfilter.
Now I am not sure, how to use this filter in practice: I want to sign only body and - say
- the timestamp element from the security header. The xpathfilter "forces" me to use prefixes
to adress these elements.
But in the specs, prefixes are not normative, so an intermediary could change those prefixes.
There are two questions bugging me:
1. How can the sender adress the correct element if he only knows localname and namespace
but not the prefix that will be used in future messages (this could be handled by inspecting
the xml-structure first and finding the prefix to a given namespace).
2. What happens, if an intermediary changes namespaces during the transport? According to
the spec, this should be no problem, since they are not mandatory.
On the other hand, most of the times when a prefix is changed, the whole signature becomes
invalid, does it? 
Any ideas?
Regards, Christof
View raw message