1
specifications. The WSS core uses the latest Canonicalization spec.,
2
Exclusive XML Canonicalization, at the URL
3
http://www.w3.org/TR/xml-exc-c14n/ , while the SAML core specification,
4
which is the basis for the WSS SAML Token Binding specification, uses the
5
base Canonicalization, i.e. non-exclusive Canonicalization spec., at URL
6
http://www.w3.org/TR/2001/REC-xml-c14n-20010315 . The main difference is
7
that the Exclusive XML Canonicalization spec. handles the situation where a
8
child element may be moved and used independent of its parent and thus may
9
have to add the namespaces that were part of the parent element, whereas the
10
non-Exclusive spec doesn't handle this situation. This may result in a
11
verification failure of the signature when using the non-exclusive
12
Canonicalization. The problem arises because the dsig spec was accepted
13
before the Exclusive Canonicalization spec. was written and thus doesn't
14
reference the Exclusive Canonicalization spec.
b'\\ No newline at end of file'