AW: STR-Transform question

Pete,

when we did the interop tests some time ago we did not encounter
this problem. Did you check your implementation with
other interop implementations except WSS4J?

Otherweise we can disable the input c14n and make this as
a switch-on/switch-off option. In additon, STRTransform is
AFAIK not used that much, if at all, in "real-world" applications.

Regards,
Werner

> -----Ursprüngliche Nachricht-----
> Von: Pete Hendry 
> [mailto:peter.hendry-aXhhQsCQISd54TAoqtyWWQ@xxxxxxxxxxxxxxxx] 
> Gesendet: Dienstag, 20. September 2005 10:35
> An: wss4j-dev-28n8OjmUYWfNLxjTenLetw@xxxxxxxxxxxxxxxx
> Betreff: STR-Transform question
> 
> 
> I am currently performing interop testing against WSS4J with our own 
> WS-Security implementation. I have come up against a couple of issues 
> (with the configuration for axis - something for another 
> email) but now 
> have scenarios 1-6 working fine. Scenario 7 uses the STR-Transform. I 
> cannot get this to work and have traced the WSS4J 
> STRTransform class to 
> work out why.
> 
> The algorithm described in section 8.3 of the WS-Security 
> specification 
> for STR-Transform is a little unclear about how the C14N 
> algorithm is to 
> be applied. It implies that it possibly should be applied to 
> the input 
> node *before* the rest of the algorithm is applied. WSS4J 
> appears to use 
> this interpretation. The STRTransform class first runs the 
> input through 
> the Canonicalizer and then follows the STRTransform processing rules 
> which end with the result again being run through the Canonicalizer. 
> However, I do not believe that was the intention of the algorithm. It 
> should only Canonicalize the output node.
> 
> There is an errata for this very issue which clarifies this point. It 
> states that
> 
> ------
> Lines 1034-1036 of WSS 1.0 state:
>  "The transform takes a single mandatory parameter, a
> <ds:CanonicalizationMethod> element, which is used to 
> serialize the input
> node set."
> 
> should be
> 
> "The transform takes a single mandatory parameter, a
> <ds:CanonicalizationMethod> element, which is used to 
> serialize the output
> node set."
> 
> Line 1056 of WSS 1.0 states:
> "process the dereferenced node set Ri' instead."
> 
> should be
> 
> "process the dereferenced node set Di' instead."
> -------
> 
> I believe the WSS4J STRTransform is incorrectly C14Ning the 
> input node 
> when it should only C14N the output node. This is causing my interop 
> test to fail.
> 
> Pete
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: 
> wss4j-dev-unsubscribe-28n8OjmUYWfNLxjTenLetw@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: 
> wss4j-dev-help-28n8OjmUYWfNLxjTenLetw@xxxxxxxxxxxxxxxx
> 
>