> However, when experimenting with the (Java) Canonicalizer class, using
> the method ALGO_ID_C14N_EXCL_OMIT_COMMENTS, I see that it does include
> whitespace (using xmlsec-1.2.1).

XML c14n is not the same as schema c14n. The inclusive and exclusive c14n specs do not specify that the resulting output is in schema c14n form, and since they don't involve schema at all, they wouldn't know what the types were in order to perform that step.

> Am I reading the spec incorrectly, or is this a bug in the
> canonicalizer?

You're confusing two specs. Note that the implication of this is that you have to be very careful when validating XML and then verifying signatures over it because of how parsers work. Using data normalization while parsing can corrupt the signature, and virtually every parser version has subtle differences in how they deal with base64.

-- Scott
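
An added illustration of the data-normalization point above, not part of the original message or of xmlsec: Python's standard-library `canonicalize` implements C14N 2.0 rather than the exclusive c14n named in the thread, but it likewise leaves text-node whitespace untouched by default. The sample document and the `normalize_base64` helper (a stand-in for a parser that normalizes typed content) are constructed for this example.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample: a base64 value wrapped across lines, as signers often emit it.
SIGNED_XML = "<doc>\n  <blob>SGVsbG8s\n    IHdvcmxkIQ==</blob>\n</doc>"


def canonical_bytes(xml_text):
    """Canonical octets of the document; whitespace in text nodes is retained."""
    return ET.canonicalize(xml_data=xml_text).encode("utf-8")


def digest(xml_text):
    """SHA-256 over the canonical octets, as a signature reference digest is computed."""
    return hashlib.sha256(canonical_bytes(xml_text)).hexdigest()


def normalize_base64(xml_text, tag="blob"):
    """Hypothetical stand-in for a normalizing parser: strips all whitespace
    from the base64 element's content and re-serializes the document."""
    root = ET.fromstring(xml_text)
    for el in root.iter(tag):
        el.text = "".join((el.text or "").split())
    return ET.tostring(root, encoding="unicode")


def blob_value(xml_text, tag="blob"):
    """Decoded bytes of the base64 element (the decoder skips embedded whitespace)."""
    return base64.b64decode(ET.fromstring(xml_text).find(tag).text)


if __name__ == "__main__":
    normalized = normalize_base64(SIGNED_XML)
    # Same decoded value, different canonical octets, therefore a different digest.
    print("same value :", blob_value(SIGNED_XML) == blob_value(normalized))
    print("signed     :", digest(SIGNED_XML))
    print("normalized :", digest(normalized))
```

Verifying over the octets as received, before any normalizing or validating pass rewrites them, keeps the digest stable.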
