Canonicalization leaves whitespace in document content alone (though any whitespace in element tags - that is, between the '<' and '>' that start and end a tag - is normalized). See http://www.w3.org/TR/2001/REC-xml-c14n-20010315#Example-WhitespaceInCont ent. What behavior are you seeing that seems inconsistent with the specification?
> -----Original Message----- > From: Martin Ravell [mailto:[EMAIL PROTECTED] > Sent: Thursday, June 30, 2005 7:36 PM > To: security-dev@xml.apache.org > Subject: RE: Enveloped suggestions > > Just had a crack at using the id and it seems to work. Given > that my app is > building the XML to begin with I think I can live with the > limitations you > mentioned. > > I notice that the reference samples (JWSDP 1.5) seem to ignore the > canonicalization process on both the signing and verification > processes. (I > tested removing some whitespace and wondered why it would not > verify until I > took a closer look at the code). > > So I guess I'm still interested in which of the Apache > samples fits best > (and does canonicalization properly). > > > > Regards > Marty > > -----Original Message----- > From: Martin Ravell [mailto:[EMAIL PROTECTED] > Sent: Friday, 1 July 2005 8:28 AM > To: security-dev@xml.apache.org > Subject: RE: Enveloped suggestions > > Thanks for the pointer Scott. I'll take another look at the reference > implementation. > > I'm kind of interested in the Apache security stuff now and > my question on > which of the samples to focus on still stands. Can you (or > anyone out there > on the list) suggest a tutorial or even just which of the samples best > covers the process of creating an enveloped signature and > then validates it? > > > Thanks > Marty > > > > -----Original Message----- > From: Scott Cantor [mailto:[EMAIL PROTECTED] > Sent: Friday, 1 July 2005 12:58 AM > To: security-dev@xml.apache.org > Subject: RE: Enveloped suggestions > > > I had also looked at the reference implementation that > ships with the > JWSDP > > 1.5 but had problems in being able to specify a particular > element via > URI. > > The sample given seems to specify the whole document with a "" blank > String > > but when I try a relative URI (#elementname) it falls on it's arse. > > You can't specify an element in a fragment by name, only by > ID. Which has > its own set of endless problems since IDs are technically > only legal in the > presence of a DTD, so there are endless hacks to try and > establish what > attributes are IDs and they all require knowing ahead of time > what's been > signed. > > -- Scott > > > >
