You are correct - it is hard to say something w/o having a big picture :)

One of these two links should help you to figure out what exactly should be produced

http://www.w3.org/TR/xml-c14n
http://www.w3.org/TR/xml-c14n11/


Aleksey


On 4/13/11 7:20 AM, Roland Hedberg wrote:
Hmm, looking at the XML again I'm not so sure anymore.
Sorry, I might have misled you, not giving you the whole picture.

The fact is that what I'm verifying is a SAML Response where the Assertion is 
signed.
The whole document contains a xmlns:xsi specification, namely at the top, in 
the Response element.

But if you only look at the Assertion element by itself there is none.

The Assertion element is a child to the Response element, hence it doesn't have 
to have the xmlns:xsi specification since a parent has it.
The same goes for the Attributes elements that exist below the Assertion 
element.
But this is only if you look at the Response as an XML document.

Does the fact that the Assertion element is a signed element force the 
inclusion of a xmlns:xsi specification in the Assertion tree ?
Ignoring what is defined in unsigned parent elements ?

Phrased differently *MUST* the Assertion element be self contained ?

On Apr 13, 2011, at 15:42, Aleksey Sanin wrote:

Yes.

http://www.w3.org/TR/xml-c14n

Aleksey


On 4/13/11 6:41 AM, Roland Hedberg wrote:
Hi!

Trying to find out why a signature verification failed.
So, I compared what I got and what xmlsec1 has as predigest data.

Nothing that I could see except for the fact that xmlsec1 in the predigest data 
has added xmlns specifications for xsi.

<ns1:Attribute FriendlyName="eduPersonEntitlement" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><ns1:AttributeValue 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">foo</ns1:AttributeValue></ns1:Attribute>

The original was:

<ns1:Attribute FriendlyName="eduPersonEntitlement" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><ns1:AttributeValue 
xsi:type="xs:string">foo</ns1:AttributeValue></ns1:Attribute>

Is this significant ??

--Roland

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
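
The dependency discussed in this thread, as an added example that is not part of the original messages and is not xmlsec code: it lists the namespace prefixes a signed subtree uses but binds only on an ancestor outside it, which are the declarations canonicalization has to write into the predigest data. It is not a C14N implementation; the sample Response is constructed and the names `inherited_bindings` and `inherited_in` are hypothetical.

```python
from xml.dom import minidom

# Constructed sample: xmlns:xsi is declared only on the unsigned Response.
RESPONSE = (
    '<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
    '<ns1:Assertion xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion">'
    '<ns1:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7">'
    '<ns1:AttributeValue xsi:type="xs:string">foo</ns1:AttributeValue>'
    '</ns1:Attribute></ns1:Assertion></p:Response>'
)

def inherited_bindings(apex):
    """Return {prefix: URI} for prefixes used under apex but declared on an ancestor."""
    found = {}

    def is_decl(name):
        return name == "xmlns" or name.startswith("xmlns:")

    def lookup_outside(prefix):
        # Walk the ancestors of the signed element, nearest first.
        node = apex.parentNode
        while node is not None and node.nodeType == node.ELEMENT_NODE:
            if node.hasAttribute("xmlns:" + prefix):
                return node.getAttribute("xmlns:" + prefix)
            node = node.parentNode
        return None  # prefix is not bound anywhere

    def walk(elem, declared):
        attr_names = list(elem.attributes.keys())
        declared = declared | {n[6:] for n in attr_names if n.startswith("xmlns:")}
        used = [elem.tagName] + [n for n in attr_names if not is_decl(n)]
        for name in used:
            prefix = name.partition(":")[0] if ":" in name else ""
            if prefix and prefix != "xml" and prefix not in declared:
                found[prefix] = lookup_outside(prefix)
        for child in elem.childNodes:
            if child.nodeType == child.ELEMENT_NODE:
                walk(child, declared)

    walk(apex, frozenset())
    return found

def inherited_in(xml_text, tag):
    """Parse xml_text and report inherited bindings for the first element named tag."""
    doc = minidom.parseString(xml_text)
    return inherited_bindings(doc.getElementsByTagName(tag)[0])
```

A non-empty result for the signed element means its digest input depends on declarations made outside it, so serializing the element's own markup byte for byte will not reproduce the predigest data.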