[xmlsec] Xml Signature verification failure
Rich Salz
rsalz at datapower.com
Fri Jun 20 08:41:39 PDT 2003
> Although XPath selects "<Object></Object>", after c14n
> transforming, it will be
> "<Object xmlns="http://www.w3.org/2000/09/xmldsig#"></Object>".
That's not right. The "default namespace" node is no different than any
other namespace node (except that it is assigned the name "xmlns"). You
have to include the namspace in your Xpath expression.
This is a common problem -- Xpath subsetting leaves out inherited
namespaces. That is why exc-c14n was created. You should look at that
spec, particularly section 2
http://www.w3.org/TR/xml-exc-c14n/#sec-ExclusiveNeed
It explains why c14n doesn't do what you want.
/r$
--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
More information about the xmlsec
mailing list