Dittmann Werner wrote:
<cite>
* Finally, employ the canonicalization method specified as a parameter to the transform to serialize N to produce the octet stream output of this transform; but, in place of any dereferenced <wsse:SecurityTokenReference> element Ri and its descendants, process the dereferenced node set Ri' instead. During this step, canonicalization of the replacement node set MUST be augmented as follows:
  o Note: A namespace declaration xmlns="" MUST be emitted with every apex element that has no namespace node declaring a value for the default namespace; cf. XML Decryption Transform.
</cite>
As Raul indicates, this is counter to the c14n spec.
Having said that - it's also in line with XML encryption, and is used to ensure that an encrypted xml "fragment" can be reparsed in the original namespace context.
Is this the same reason here? If so, maybe we should augment the c14n class to allow for emitting an xmlns="" at the apex node(s) if appropriate?
(We're going to need to do this sooner or later for xml encryption in any case.)
Cheers, Berin
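
The reparsing effect discussed in this message, as an added Python example that is not part of the original thread or of the project's c14n code: an unqualified fragment placed under a parent with a default namespace changes its element names unless the apex carries xmlns="". The function names, the sample token and the `urn:example:ctx` namespace are constructed for illustration, and the fragment is assumed to be parsed stand-alone.

```python
# Added illustration; function names and sample XML are constructed.
import xml.etree.ElementTree as ET
from xml.dom import minidom


def augment_apex(fragment: str) -> str:
    """Serialize the fragment, emitting xmlns="" on the apex element when it
    carries no default-namespace declaration.

    Assumption: the fragment is parsed stand-alone, so the only declarations
    in scope are those written on the apex element itself.
    """
    apex = minidom.parseString(fragment).documentElement
    if not apex.hasAttribute("xmlns"):
        apex.setAttribute("xmlns", "")
    return apex.toxml()


def tags_after_reparse(fragment: str, context_ns: str) -> list:
    """Place the serialized fragment under a parent that declares a default
    namespace, re-parse, and return the expanded names of the fragment."""
    wrapped = '<ctx xmlns="%s">%s</ctx>' % (context_ns, fragment)
    return [el.tag for el in ET.fromstring(wrapped)[0].iter()]


# Constructed samples: one token in no namespace, one with a default namespace.
TOKEN = "<Token><Id>abc</Id></Token>"
NS_TOKEN = '<Token xmlns="urn:example:tok"><Id>abc</Id></Token>'
CTX = "urn:example:ctx"

if __name__ == "__main__":
    # Without the augmentation the token is captured by the context namespace.
    print(tags_after_reparse(TOKEN, CTX))
    # With xmlns="" on the apex the names stay unqualified.
    print(tags_after_reparse(augment_apex(TOKEN), CTX))
```

A verifier that digests the reparsed fragment sees different expanded names in the first case, so the digest no longer covers the elements that were signed.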