It seems to me that the solution from a DSig point of view is an extension
of the XML parsing rules, that should be looked at from a standard perspective
(Aleksey, could you carry this on the W3C/IETF Working Group ?)...
This is not XML DSig but XML Encryption spec. The spec says (http://www.w3.org/TR/xmlenc-core/#sec-Processing-Decryption):
The decryptor SHOULD support the ability to replace the EncryptedData element with the decrypted 'element' or element 'content' represented by the UTF-8 encoded characters. The decryptor is NOT REQUIRED to perform validation on the result of this replacement operation.
I think the spec is correct. It does not say *how* to replace the element or content. The xmlsec implementation tries to do it without serializing the whole tree and parsing it back but this might not be possible. I still need to take a look at the option "parse in the context". For example, if I can register known to me namespaces in the parser context then this would solve the problem.
Aleksey
_______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
