At 2012-10-16 00:23 +0200, Simon Josefsson wrote:
"G. Ken Holman" <[email protected]> writes:

>        <xsd:element ref="ds:Signature" minOccurs="0" maxOccurs="1">
...
> I hope this helps.

Thank you -- 'ref="ds:Signature"' is used in SAML Assertion as well so
it seems like a good approach.

Not "good", but correct. The declaration you showed creates an element named "Signature" in the incorrect namespace, not in the digital signature namespace. I believe that example you cite is absolutely wrong.

More insight into this would be appreciated.  Is there any way the RFC
6030 approach could work?  I'm concerned that there is an example in the
RFC that people may have modelled their implementations after.  My
current approach to remove the ds: prefix on the Signature element leads
to valid XML so that workaround would work even if it isn't kosher.

It may be well-formed XML but it isn't valid according to the XMLDsig specification. That specification states that Signature must be in the digital signature namespace (the prefix "ds:" is irrelevant; "simon:Signature" is schema valid if xmlns:simon="http://www.w3.org/2000/09/xmldsig#"). The specification is clear:

 http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-Signature

... and the spec shows it being declared both with a prefix (in XSD) and without a prefix (in DTD). The prefix is irrelevant. The namespace URI is crucial.

If people don't use XML properly, I can't see why they would expect it to work. This is basic namespace-valid XML stuff.

I have a free video lecture on namespaces (in general, not specific to digital signatures) in my XSLT class at:

  http://www.CraneSoftwrights.com/links/udemy-ptux-online.htm
  (54:09 mark of Module 1 Lecture 1 - The XML Family of Recommendations)

Having some pointer to text in the XMLDsig standard explaining that this
is improper would help.

Why would a standard describe what is incorrect? How would it know what to put in the list of incorrect things before the standard is out in the public being incorrectly used? Wouldn't having such examples lead to confusion if users don't read the document properly and start quoting the incorrect examples? Users should just implement it correctly. It looks like some are already not reading the document properly.

Please forgive my frustration. This isn't a fault of XML, it is a fault of the people writing incorrect examples.

I hope this has helped.

. . . . . . . . Ken


--
Contact us for world-wide XML consulting and instructor-led training
Free 5-hour lecture: http://www.CraneSoftwrights.com/links/udemy.htm
Crane Softwrights Ltd.            http://www.CraneSoftwrights.com/z/
G. Ken Holman                   mailto:[email protected]
Google+ profile: https://plus.google.com/116832879756988317389/about
Legal business disclaimers:    http://www.CraneSoftwrights.com/legal

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
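The point made above, that an element is the XMLDSig Signature because of its namespace URI and not because of its "ds:" prefix, is easy to see with a namespace-aware parser. The following Python script is an added example and is not part of the mailing-list post or of any project's code. It uses only the standard library and constructs five small sample documents inline; the container namespace "urn:example:container" and the unrelated URI "urn:example:not-dsig" are placeholders, not real schemas. It also shows why a verifier that looks for the literal prefix "ds:" gets both false negatives and false positives.

```python
"""Namespace-aware lookup of an XML Signature element.

Added example, not from the mailing-list post. The sample documents and the
namespaces "urn:example:container" / "urn:example:not-dsig" are constructed
placeholders used only to illustrate how expanded names are resolved.
"""
import re
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
# ElementTree exposes namespaced tags in Clark notation: "{uri}local".
DSIG_SIGNATURE = "{%s}Signature" % DSIG_NS

SAMPLES = {
    # 1. Canonical form: prefix "ds" bound to the XMLDSig namespace URI.
    "ds_prefix": (
        '<Container xmlns="urn:example:container">'
        '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
        '<ds:SignedInfo/></ds:Signature></Container>'
    ),
    # 2. Any other prefix bound to the same URI names exactly the same element.
    "other_prefix": (
        '<Container xmlns="urn:example:container">'
        '<simon:Signature xmlns:simon="http://www.w3.org/2000/09/xmldsig#">'
        '<simon:SignedInfo/></simon:Signature></Container>'
    ),
    # 3. Prefix dropped, no default namespace: Signature is in *no* namespace.
    "no_namespace": "<Container><Signature/></Container>",
    # 4. Prefix dropped under a default namespace: Signature lands in the
    #    container's namespace, which is what a local element declaration
    #    (name="Signature" instead of ref="ds:Signature") produces.
    "container_ns": '<Container xmlns="urn:example:container"><Signature/></Container>',
    # 5. The "ds" prefix bound to an unrelated URI: looks right to a grep,
    #    but it is not an XMLDSig Signature at all.
    "wrong_uri": '<Container><ds:Signature xmlns:ds="urn:example:not-dsig"/></Container>',
}


def find_signature(xml_text):
    """Return the first element whose expanded name is {DSIG_NS}Signature, else None."""
    root = ET.fromstring(xml_text)
    if root.tag == DSIG_SIGNATURE:
        return root
    return root.find(".//" + DSIG_SIGNATURE)


def expanded_names(xml_text, local="Signature"):
    """Return the Clark-notation names of every element with the given local name."""
    root = ET.fromstring(xml_text)
    return [el.tag for el in root.iter() if el.tag.rsplit("}", 1)[-1] == local]


def naive_prefix_check(xml_text):
    """The tempting but wrong check: look for the literal 'ds:' prefix in the text."""
    return re.search(r"<ds:Signature\b", xml_text) is not None


def classify(name):
    """Return (namespace_aware_found, naive_prefix_found, expanded_names) for a sample."""
    text = SAMPLES[name]
    return (find_signature(text) is not None, naive_prefix_check(text), expanded_names(text))


if __name__ == "__main__":
    for name in SAMPLES:
        aware, naive, names = classify(name)
        print("%-13s namespace-aware=%-5s prefix-grep=%-5s %s" % (name, aware, naive, names))
```

Only samples 1 and 2 contain a Signature in the XMLDSig namespace. Sample 3 (the "remove the ds: prefix" workaround) yields a Signature in no namespace, sample 4 yields one in the container's namespace, and sample 5 is rejected by the namespace-aware lookup even though a prefix grep accepts it. Verification code should therefore key on the expanded name, never on the prefix.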
