Scott Cantor wrote:
It's probably worth documenting this better somewhere, though. People
stumble over this one a lot if they sign base64 data.
Good point. I will do this. (Or at least add to my ever growing list
of things to do :<.)
Cheers,
Berin
> Do you want me to change anything in Axis? WSS4J? xml-security? to
> support this switch?
I don't think there's anything you can change. Most of the operations in
xmlsec operate on a DOM, at which point it's already been parsed. The
parsing step is where you have to step in and prevent the corru
Do you want me to change anything in Axis? WSS4J? xml-security? to
support this switch?
-- dims
On Sun, 8 Aug 2004 13:27:57 -0400, Scott Cantor <[EMAIL PROTECTED]> wrote:
> > whitespace-in-element-content? datatype-normalization?
>
> It's datatype-normalization. The other one has to do with som
> whitespace-in-element-content? datatype-normalization?
It's datatype-normalization. The other one has to do with something that schema
processing overrides.
-- Scott
whitespace-in-element-content? datatype-normalization?
On Tue, 3 Aug 2004 10:00:34 -0400, Scott Cantor <[EMAIL PROTECTED]> wrote:
> > Scott indicated that it may be possible to turn off normalisation during
> > the parsing process, but other than that the only other work-around is
> > not to valid
> Scott indicated that it may be possible to turn off normalisation during
> the parsing process, but other than that the only other work-around is
> not to validate during parse.
It is possible with Xerces, we do it in OpenSAML to enable signing a signed
object, which of course includes base64
L PROTECTED]>*
03/08/2004 13:07
Please respond to security-dev
To:[EMAIL PROTECTED]
cc:
Subject: Re: XmlDsig error with base64Binary Type
Ivan,
> 1. Your IAIK sample uses an XPath-Filter that according to my read
> should be th
nications.
Berin Lautenbach <[EMAIL PROTECTED]>
03/08/2004 13:07
Please respond to security-dev
To:
[EMAIL PROTECTED]
cc:
Subject:
Re: XmlDsig error with base64Binary
Type
Ivan,
> 1. Your IAIK sample uses an XPath-Filter that ac
Scott Cantor wrote:
Or I suppose the other option would be to make sure you validate prior
to sign. If I could think of some fancy way to do it, we could even
mark base64binary elements somehow and have the security library convert
them to normalised form as part of signing.
You mean verify fi
Ivan,
1. Your IAIK sample uses an XPath-Filter that according to my read
should be the same as an enveloping transforms - but for some reason the
xsec library is not outputting attributes when canonicalising. This
looks like a bug in the library, and would explain why the IAIK sample
does not
> Or I suppose the other option would be to make sure you validate prior
> to sign. If I could think of some fancy way to do it, we could even
> mark base64binary elements somehow and have the security library convert
> them to normalised form as part of signing.
You mean verify first and then
Scott Cantor wrote:
2. My understanding is that the use of base64binary in a schema will
cause a validating parser to callapse any whitespace during validation.
This is true as long as data type normalization is turned on. Most parsers
let you turn it off. This is required to verify signatures
> 2. My understanding is that the use of base64binary in a schema will
> cause a validating parser to callapse any whitespace during validation.
This is true as long as data type normalization is turned on. Most parsers
let you turn it off. This is required to verify signatures over base64
elem
Ivan,
I've just spent a bit of time playing around with the samples you sent
through.
Two separate issues :
1. Your IAIK sample uses an XPath-Filter that according to my read
should be the same as an enveloping transforms - but for some reason the
xsec library is not outputting attributes when
Ivan,
Certainly doesn't sound right! Do you have an example XML file, signed
with IAIK that I can have a look at?
Cheers,
Berin
[EMAIL PROTECTED] wrote:
Hi everybody!
I'm doing interoperability tests between the IAIK toolkit and
the Apache XMLDsig C++, but I've found an error th
15 matches
Mail list logo
