> Because we use it in WSS4J we always rely on the backward compatibility. > Changing the WSS4J code just to circumvent a problem would cause a major > effort to many applications that actually use WSS4J. Before changing > WSS4J we shall check if a fix in xmlsec is more appropriate.
If the issue is with how the XML is being serialized, that's your responsibility, not xmlsec's. Namespace declarations can't be assumed. You need to manage the DOM rigorously and with great attention to detail. The fact that a lot of code in these Apache projects doesn't is exactly why we did our own. -- Scott
