xmlbeans-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Berin Lautenbach <be...@wingsofhermes.org>
Subject Re: xmlbeans xml security
Date Fri, 02 Jul 2004 23:14:23 GMT
Noah Campbell wrote:

> As I understand c14n (and I'm learning volumes as I prepare to
> implement a C14NSaver) the namespace is discarded in the
> cananocialized form.  Sure the output is not xml valid, or namespace
> collisions cause a lossy form, but this is okay.  The point is not to
> have a valid doc but a representation that will be unique on a byte
> level.

David's already answered this - but just to cover off.  Attribute qnames 
and namespaces are fully included in a canonicalised document, except 
exclusive C14n, where they will be discarded if they are not actually 
used.  This is because namespaces impact the meaning of a document, and 
namespace prefixes could potentially be used to define some meaning in 
the doc (although I truly hope not!).  A signature must be made invalid 
if anything in the document changes that might impact it's meaning.

The output of C14n will be a well formed document for a full document or 
full sub-tree canonicalisation.  Where an XPath (or other) transform has 
selected nodes that together do not provide a well formed document the 
output will not be well-formed.  (There are some fantastic test cases 
for c14n interoperability that give truly weird outputs :>.)

For full document canonicalisation, I cannot easily think of a document 
where the canonicalised form would not be valid if the input document 
was valid (maybe exclusive c14n where default namespaces attributes were 
discuarded?).  C14n is really just a strongly defined serialisation routine.


- ---------------------------------------------------------------------
To unsubscribe, e-mail:   xmlbeans-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: xmlbeans-dev-help@xml.apache.org
Apache XMLBeans Project -- URL: http://xml.apache.org/xmlbeans/

View raw message