Please, read the FAQ for explanations why it is done the way it is done.
Aleksey
Larry Bugbee wrote:
Aleksey,
A DTD might suffice as a temporary workaround, but I don't believe a user of xmlsec or pyxmlsec should have to supply a DTD to fix things. Especially as Andrew points out, when such is not the case with other implementations. Are we not in need of a change?
To xmlsec or libxml2? I can see a lot of points and counterpoints, but my first impression is that xmlsec should accept 'Id' attributes if the value matches the signature's URI fragment reference. Is a change to libxml the right way to do that? I dunno. Like I said, point/counterpoint. ...but something's not right.
Thots?
...and I was so close. ;-)
Larry
See also:
http://www.aleksey.com/pipermail/xmlsec/2003/001154.html
http://lists.labs.libre-entreprise.org/pipermail/pyxmlsec-devel/2004- October/000023.html (and #24)
On Oct 10, 2004, at 7:20 PM, Andrew Fan wrote:
Larry Bugbee wrote:
Yes, there is some implementation error or unintent of xmlsec or libxml. It is sure that ID is an DTD defined attributes, but other xml security toolkits( such as java, apache ) treats it as ID attribute, while libxml just treats it as normal attribute during the DOM building. Because core xmlsec take no responsibility to build a the DOM, so it have no ideas to find the ID refered node, I think.Andrew,
I read your email thread from a couple of months back having to do with detached signatures. (http://www.aleksey.com/pipermail/xmlsec/2003/001154.html) I'm having the same problem and am not happy with the 'suggested solution'. Before I go any further I want to check and see if you discovered anything new.
Rereading the W3C specification, section 4.3.3 and especially 4.3.3.3, I see the word 'MUST' several times and no hint at needing to provide a DTD. ...although FAQ section 3.2 (http://www.aleksey.com/xmlsec/faq.html) talks about a DTD to cover a *warning* for empty node sets. But, if they are not empty, a DTD should not be necessary. I believe there is an implementation error somewhere between xmlsec and libxml.
I implemented according to Alsksey's suggections in his FAQs.
Am I missing something?
Thanks,
Larry
_______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
