XML canonicalization question
Cantor, Scott
cantor.2 at osu.edu
Tue Apr 28 12:27:50 EDT 2020
On 4/28/20, 12:18 PM, "users on behalf of Christopher Bongaarts" <users-bounces at shibboleth.net on behalf of cab at umn.edu> wrote:
> Is my understanding correct?
Yes, but there's an InclusivePrefixList parameter [1] to c14n that identifies namespaces to be handled inclusively, and we should be adding that with xsd included. The SP certainly does, and I have a long history of passing the xsi:types around in my IdP that I plan to finally kill off in V4 so I know most SPs certainly are getting this correct and that we must be specifying it correctly.
If I were you I would turn off the stupid type encoding and be done with it. It's wasted time trying to do it. But that said, the vendor's got a bug and if they have one, they have others. They're trying to implement XML Signature themselves and there is no chance whatsoever they will get it right, and "wrong" there is a security bug.
-- Scott
[1] From an Amazon sample:
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="xsd"
/>
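Added example, not part of the original message and not Shibboleth code: a small Python check that reports prefixes used inside `xsi:type` values (such as `xsd` in `xsd:string`) that exclusive c14n would not emit, because they are neither visibly utilized on that element nor named in an `InclusiveNamespaces` `PrefixList`. The function names and the trimmed assertion are constructed for illustration; as simplifications it looks only at the element carrying `xsi:type` and pools every `PrefixList` found in the document.

```python
import xml.parsers.expat

XSI = "http://www.w3.org/2001/XMLSchema-instance"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"

# Constructed, trimmed sample (no real digest or signature values); %s is the PrefixList.
TEMPLATE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <ds:Signature><ds:SignedInfo><ds:Reference><ds:Transforms>
  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
   <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="%s"/>
  </ds:Transform></ds:Transforms></ds:Reference></ds:SignedInfo></ds:Signature>
 <saml:AttributeStatement><saml:Attribute Name="mail">
  <saml:AttributeValue xsi:type="xsd:string">user@example.org</saml:AttributeValue>
 </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

def sample(prefix_list):
    return TEMPLATE % prefix_list

def prefix(qname):
    return qname.split(":", 1)[0] if ":" in qname else ""

def uncovered_type_prefixes(xml_text):
    """Prefixes in xsi:type values that are neither visibly utilized nor in a PrefixList."""
    scopes = [{}]                    # stack of prefix -> namespace URI bindings in scope
    listed, needed = set(), set()

    def start(name, attrs):          # expat without namespace mode keeps raw prefixes
        scope = dict(scopes[-1])
        scope.update({k[6:]: v for k, v in attrs.items() if k.startswith("xmlns:")})
        scopes.append(scope)
        plain = {k: v for k, v in attrs.items() if k != "xmlns" and not k.startswith("xmlns:")}
        if name.split(":")[-1] == "InclusiveNamespaces" and scope.get(prefix(name)) == EXC_C14N:
            listed.update(plain.get("PrefixList", "").split())
        # Exclusive c14n only emits declarations for prefixes in element/attribute names.
        visible = {prefix(name)} | {prefix(k) for k in plain if ":" in k}
        for k, v in plain.items():
            is_xsi_type = k.endswith(":type") and scope.get(prefix(k)) == XSI
            if is_xsi_type and ":" in v and prefix(v) not in visible:
                needed.add(prefix(v))

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = lambda name: scopes.pop()
    parser.Parse(xml_text, True)
    return sorted(needed - listed)
```
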