[xmlsec] namespace definition significant ?

Aleksey Sanin aleksey at aleksey.com
Wed Apr 13 06:51:03 PDT 2011


You need to make sure that whoever creates a signature
follows the W3C standard

Aleksey


On 4/13/11 6:46 AM, Roland Hedberg wrote:
> Does this mean that I have to get the application upstream to make sure the xmlns specification is there or is there some way I can prevent xmlsec1 from adding it ?
>
>
> On Apr 13, 2011, at 15:42, Aleksey Sanin wrote:
>
>> Yes.
>>
>> http://www.w3.org/TR/xml-c14n
>>
>> Aleksey
>>
>>
>> On 4/13/11 6:41 AM, Roland Hedberg wrote:
>>> Hi!
>>>
>>> Trying to find out why a signature verification failed.
>>> So, I compared what I got and what xmlsec1 has as predigest data.
>>>
>>> Nothing that I could see except for the fact that xmlsec1 in the predigest data has added xmlns specifications for xsi.
>>>
>>> <ns1:Attribute FriendlyName="eduPersonEntitlement" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><ns1:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">foo</ns1:AttributeValue></ns1:Attribute>
>>>
>>> The original was:
>>>
>>> <ns1:Attribute FriendlyName="eduPersonEntitlement" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><ns1:AttributeValue xsi:type="xs:string">foo</ns1:AttributeValue></ns1:Attribute>
>>>
>>> Is this significant ??
>>>
>>> --Roland
>>>
>>> _______________________________________________
>>> xmlsec mailing list
>>> xmlsec at aleksey.com
>>> http://www.aleksey.com/mailman/listinfo/xmlsec
> --Roland
>


More information about the xmlsec mailing list